diff --git a/core/client/controllers/settings/navigation.js b/core/client/controllers/settings/navigation.js
index 6b634b0495..ef798f83c5 100644
--- a/core/client/controllers/settings/navigation.js
+++ b/core/client/controllers/settings/navigation.js
@@ -100,11 +100,13 @@ NavigationController = Ember.Controller.extend({
                 blogUrl = this.get('config').blogUrl,
                 blogUrlRegex = new RegExp('^' + blogUrl + '(.*)', 'i'),
                 navItems = this.get('navigationItems'),
+                message = 'One of your navigation items has an empty label. ' +
+                    '<br /> Please enter a new label or delete the item before saving.',
                 match;
 
             // Don't save if there's a blank label.
             if (navItems.find(function (item) { return !item.get('isComplete') && !item.get('last');})) {
-                self.notifications.showErrors(['One of your navigation items has an empty label.<br>Please enter a new label or delete the item before saving.']);
+                self.notifications.showErrors([message.htmlSafe()]);
                 return;
             }
 
diff --git a/core/client/routes/application.js b/core/client/routes/application.js
index 986d87ccc4..2b77facdd5 100644
--- a/core/client/routes/application.js
+++ b/core/client/routes/application.js
@@ -55,6 +55,11 @@ ApplicationRoute = Ember.Route.extend(SimpleAuth.ApplicationRouteMixin, Shortcut
 
         sessionAuthenticationFailed: function (error) {
             if (error.errors) {
+                // These are server side errors, which can be marked as htmlSafe
+                error.errors.forEach(function (err) {
+                    err.message = err.message.htmlSafe();
+                });
+
                 this.notifications.showErrors(error.errors);
             } else {
                 // connection errors don't return proper status message, only req.body
diff --git a/core/server/models/user.js b/core/server/models/user.js
index c264f98143..c0c72b45ef 100644
--- a/core/server/models/user.js
+++ b/core/server/models/user.js
@@ -644,7 +644,7 @@ User = ghostBookshelf.Model.extend({
                     if (!matched) {
                         return Promise.resolve(self.setWarning(user, {validate: false})).then(function (remaining) {
                             s = (remaining > 1) ? 's' : '';
-                            return Promise.reject(new errors.UnauthorizedError('Your password is incorrect.<br>' +
+                            return Promise.reject(new errors.UnauthorizedError('Your password is incorrect. <br />' +
                                 remaining + ' attempt' + s + ' remaining!'));
 
                             // Use comma structure, not .catch, because we don't want to catch incorrect passwords