diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index cefadc4d..945cca20 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --no-offense-counts --no-auto-gen-timestamp`
-# using RuboCop version 1.56.4.
+# using RuboCop version 1.57.2.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -35,7 +35,7 @@ Metrics/MethodLength:
 
 # Configuration parameters: CountComments, CountAsOne.
 Metrics/ModuleLength:
-  Max: 209
+  Max: 213
 
 # Configuration parameters: CountKeywordArgs, MaxOptionalParameters.
 Metrics/ParameterLists:
diff --git a/Manifest.txt b/Manifest.txt
index 260cf363..d217d0d1 100644
--- a/Manifest.txt
+++ b/Manifest.txt
@@ -37,7 +37,10 @@ app/assets/javascripts/lang/fr_FR.js
 app/assets/javascripts/lang/nl_NL.js
 app/assets/javascripts/lang/zh_TW.js
 app/assets/javascripts/lightbox.js
+app/assets/javascripts/markup_help_popup.js
 app/assets/javascripts/observe.js
+app/assets/javascripts/optional_field_toggle.js
+app/assets/javascripts/preview_comment.js
 app/assets/javascripts/publify.js
 app/assets/javascripts/publify_admin.js
 app/assets/javascripts/quicktags.js
diff --git a/app/assets/javascripts/markup_help_popup.js b/app/assets/javascripts/markup_help_popup.js
new file mode 100644
index 00000000..e52a548a
--- /dev/null
+++ b/app/assets/javascripts/markup_help_popup.js
@@ -0,0 +1,25 @@
+$(document).ready(function() {
+  $('.markup-help-popup-link').on("click", function(e){
+    var dialog = document.getElementById(e.target.dataset["target"]);
+    var url = e.target.dataset.url;
+
+    $.ajax({
+      url: url,
+      type: 'get',
+      dataType: 'html',
+      success: function(data) {
+        dialog.getElementsByClassName("content-target").item(0).innerHTML = data;
+        dialog.showModal();
+      }
+    });
+    e.preventDefault();
+  });
+  $('.markup-help-popup-close').on("click", function(e) {
+    e.target.closest('dialog').close();
+  });
+  $('.markup-help-popup').on("click", function(e) {
+    if (e.target == e.currentTarget) {
+      e.target.close();
+    }
+  });
+});
diff --git a/app/assets/javascripts/optional_field_toggle.js b/app/assets/javascripts/optional_field_toggle.js
new file mode 100644
index 00000000..f6b85516
--- /dev/null
+++ b/app/assets/javascripts/optional_field_toggle.js
@@ -0,0 +1,6 @@
+$(document).ready(function() {
+  $('.optional-field-toggle').on("click", function(e){
+    $('.optional_field').fadeToggle();
+    e.preventDefault();
+  });
+});
diff --git a/app/assets/javascripts/preview_comment.js b/app/assets/javascripts/preview_comment.js
new file mode 100644
index 00000000..5372bb6b
--- /dev/null
+++ b/app/assets/javascripts/preview_comment.js
@@ -0,0 +1,10 @@
+$(document).ready(function() {
+  $('.preview-comment-link').on("click", function(e) {
+    var lnk = e.currentTarget;
+    var preview_url = lnk.dataset.previewUrl;
+    var comment_form_selector = lnk.dataset.targetForm;
+
+    $.post(preview_url, $(comment_form_selector).serialize());
+    e.preventDefault();
+  });
+});
diff --git a/app/assets/javascripts/publify.js b/app/assets/javascripts/publify.js
index dbf9bb56..48447384 100644
--- a/app/assets/javascripts/publify.js
+++ b/app/assets/javascripts/publify.js
@@ -6,7 +6,10 @@
 //= require set-timeago-lang
 //= require jquery_ujs
 //= require lightbox
+//= require markup_help_popup
 //= require observe
+//= require optional_field_toggle
+//= require preview_comment
 //= require check_password
 //
 //= require_self
diff --git a/app/assets/javascripts/publify_admin.js b/app/assets/javascripts/publify_admin.js
index 0cff60aa..fcc35980 100644
--- a/app/assets/javascripts/publify_admin.js
+++ b/app/assets/javascripts/publify_admin.js
@@ -67,6 +67,7 @@ $(document).ready(function() {
   $('#article_form').each(function(e){autosave_request(e)});
   $('#article_form').submit(function(e){save_article_tags()});
   $('#article_form').each(function(e){tag_manager()});
+  $('#checkall').click(function(e){check_all(e.target)});
 
   // DropDown
   $(".dropdown-toggle").dropdown();
diff --git a/app/assets/stylesheets/publify.css.scss b/app/assets/stylesheets/publify.css.scss
index c250348f..b7270ecd 100644
--- a/app/assets/stylesheets/publify.css.scss
+++ b/app/assets/stylesheets/publify.css.scss
@@ -7,3 +7,24 @@
   border-bottom: #eee 1px solid;
   font-size: 0.9em;
 }
+
+.markup-help-popup {
+  padding: 0;
+}
+
+.markup-help-popup > div {
+  padding: 1em;
+}
+
+.markup-help-popup-close {
+  float: right;
+  cursor: pointer;
+}
+
+.admintools {
+  display: none;
+}
+
+.admin-tools-reveal:hover .admintools {
+  display: block;
+}
diff --git a/app/controllers/articles_controller.rb b/app/controllers/articles_controller.rb
index f32ec29a..4aa6c463 100644
--- a/app/controllers/articles_controller.rb
+++ b/app/controllers/articles_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class ArticlesController < ContentController
+  include ActionView::Helpers::SanitizeHelper
+
   before_action :login_required, only: [:preview, :preview_page]
   before_action :verify_config
   before_action :auto_discovery_feed, only: [:show, :index]
@@ -127,7 +129,7 @@ def view_page
   def markup_help
     filter = TextFilter.make_filter(params[:id])
     if filter
-      render html: filter.commenthelp
+      render html: sanitize(filter.commenthelp)
     else
       render plain: "Unknown filter"
     end
diff --git a/app/helpers/base_helper.rb b/app/helpers/base_helper.rb
index 8fe6c982..1ffb3756 100644
--- a/app/helpers/base_helper.rb
+++ b/app/helpers/base_helper.rb
@@ -71,21 +71,29 @@ def meta_tag(name, value)
 
   def markup_help_popup(markup, text)
     if markup && markup.commenthelp.size > 1
-      link_to(text,
-              url_for(controller: "articles", action: "markup_help", id: markup.name),
-              onclick: "return popup(this, 'Publify Markup Help')")
+      modal = tag.dialog id: "this_markup_help_popup_dialog", class: "markup-help-popup" do
+        tag.div do
+          close_div = tag.div tag.span("\u2a09", class: "markup-help-popup-close")
+          content = tag.div class: "content-target"
+          safe_join [close_div, content]
+        end
+      end
+
+      url = url_for(controller: "articles", action: "markup_help", id: markup.name)
+
+      link = link_to(text, "#", class: "markup-help-popup-link",
+                                data: { target: "this_markup_help_popup_dialog",
+                                        url: url })
+
+      safe_join [modal, link]
     else
       ""
     end
   end
 
-  def onhover_show_admin_tools(type, id = nil)
-    admin_id = "#admin_#{[type, id].compact.join("_")}"
-    tag = []
-    tag << %{ onmouseover="if (getCookie('publify_user_profile') == 'admin')\
-             { $('#{admin_id}').show(); }" }
-    tag << %{ onmouseout="$('#{admin_id}').hide();" }
-    safe_join(tag, " ")
+  # This method's original implementation was broken. Now it does nothing.
+  def onhover_show_admin_tools(_type, _id = nil)
+    ""
   end
 
   def feed_title
diff --git a/app/views/admin/feedback/article.html.erb b/app/views/admin/feedback/article.html.erb
index eba43aa3..165275d1 100644
--- a/app/views/admin/feedback/article.html.erb
+++ b/app/views/admin/feedback/article.html.erb
@@ -16,7 +16,7 @@
     <thead>
       <tr class='noborder'>
         <th>
-          <input type="checkbox" name="checkall" id="checkall" onclick="check_all(this);" />
+          <input type="checkbox" name="checkall" id="checkall">
         </th>
         <th><%= t(".author") %></th>
         <th><%= t(".created_at") %></th>
diff --git a/app/views/admin/feedback/index.html.erb b/app/views/admin/feedback/index.html.erb
index a40df3c9..e29a353a 100644
--- a/app/views/admin/feedback/index.html.erb
+++ b/app/views/admin/feedback/index.html.erb
@@ -27,7 +27,7 @@
     <thead>
       <tr class='noborder'>
         <th>
-          <input type="checkbox" name="checkall" id="checkall" onclick="check_all(this);" />
+          <input type="checkbox" name="checkall" id="checkall">
         </th>
         <th><%= t(".author") %></th>
         <th><%= t(".created_at") %></th>
@@ -52,4 +52,4 @@
   </table>
 <% end %>
 
-<br class='clear' />
+<br class='clear'>
diff --git a/app/views/articles/_comment_form.html.erb b/app/views/articles/_comment_form.html.erb
index 91b111a2..25ad844d 100644
--- a/app/views/articles/_comment_form.html.erb
+++ b/app/views/articles/_comment_form.html.erb
@@ -10,7 +10,7 @@
         <td>
           <%= text_field 'comment', 'author', size: 20 %>
           <small>
-            <%= link_to '#', onclick: "$('.optional_field').fadeToggle();return false" do %>
+            <%= link_to '#', class: "optional-field-toggle" do %>
               (<%= t('.leave_url_email') %> &#187;)
             <% end %>
           </small>
@@ -39,8 +39,10 @@
       <tr>
         <td colspan="2" id="frm-btns">
           <%= markup_help_popup TextFilter.make_filter(this_blog.comment_text_filter), t('.comment_markup_help') %>
-          <a href="#" onclick="$.post('<%= @article.preview_comment_url %>', $('#comment_form').serialize());return false"><%= t('.preview_comment') %></a>
-          <input type="submit" name="submit" id="form-submit-button" value="submit" class="button" />
+          <%= link_to "#", data: { preview_url: @article.preview_comment_url, target_form: "#comment_form" }, class: "preview-comment-link" do %>
+            <%= t('.preview_comment') %>
+          <% end %>
+          <input type="submit" name="submit" id="form-submit-button" value="submit" class="button">
         </td>
       </tr>
     </table>
diff --git a/app/views/articles/_trackback.html.erb b/app/views/articles/_trackback.html.erb
index cdb31f62..44dbe2f5 100644
--- a/app/views/articles/_trackback.html.erb
+++ b/app/views/articles/_trackback.html.erb
@@ -1,6 +1,6 @@
-<li id="trackback-<%= trackback.id %>"<%= onhover_show_admin_tools(:trackback, trackback.id) %>>
+<li id="trackback-<%= trackback.id %>">
   <a name="trackback-<%= trackback.id %>"></a>
-  <%= t('.from') %> <strong><%= trackback.blog_name %></strong><br />
-  <a href="<%= trackback.url %>" rel="nofollow"><%= h trackback.title %></a><br />
+  <%= t('.from') %> <strong><%= trackback.blog_name %></strong><br>
+  <a href="<%= trackback.url %>" rel="nofollow"><%= h trackback.title %></a><br>
   <%= trackback.excerpt %>
 </li>
diff --git a/app/views/articles/read.html.erb b/app/views/articles/read.html.erb
index 7880045d..8ecab910 100644
--- a/app/views/articles/read.html.erb
+++ b/app/views/articles/read.html.erb
@@ -1,5 +1,7 @@
-<div class="post"<%= onhover_show_admin_tools(:article) %>>
-  <%= link_to(t('.edit'), { controller: 'admin/articles', action: 'edit', id: @article.id }, { class: 'admintools', style: 'display: none', id: 'admin_article' }) %>
+<div class="post admin-tools-reveal">
+  <% if current_user&.profile == "admin" %>
+    <%= link_to(t('.edit'), edit_admin_article_path(@article.id), class: 'admintools', id: 'admin_article') %>
+  <% end %>
   <% cache @article do %>
     <h2><%= link_to_permalink @article, @article.title %></h2>
     <%= render 'articles/article_author', article: @article %>
diff --git a/app/views/comments/_comment.html.erb b/app/views/comments/_comment.html.erb
index 7f01dcc8..97c2cb73 100644
--- a/app/views/comments/_comment.html.erb
+++ b/app/views/comments/_comment.html.erb
@@ -1,5 +1,5 @@
 <% cache comment do %>
-  <li id="comment-<%= comment.id %>" <%= 'class="author_comment"' if comment.user %> <%= onhover_show_admin_tools(:comment, comment.id) %>>
+  <li id="comment-<%= comment.id %>" <%= 'class="author_comment"' if comment.user %>>
     <p class="author">
     <%= avatar_tag(email: comment.email, url: comment.url) %>
     <cite><strong><%= link_to_unless(comment.url.blank?, h(comment.author), comment.url) %></strong></cite>