diff --git a/classes/feeds.php b/classes/feeds.php
index 31224d1db..5280502c4 100644
--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -503,7 +503,7 @@ class Feeds extends Handler_Protected {
 					$reply['content'] .= "</div>";
 
 					$reply['content'] .= "<div id=\"PTITLE-FULL-$id\" style=\"display : none\">" .
-						strip_tags($line['title']) . "</div>";
+						htmlspecialchars(strip_tags($line['title'])) . "</div>";
 
 					$reply['content'] .= "<span id=\"RTITLE-$id\"
 						onclick=\"return cdmClicked(event, $id);\"
diff --git a/include/functions.php b/include/functions.php
index a80d09cbf..f37578ba3 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -3372,7 +3372,7 @@
 					</head><body>";
 			}
 
-			$title_escaped = db_escape_string($line['title']);
+			$title_escaped = htmlspecialchars($line['title']);
 
 			$rv['content'] .= "<div id=\"PTITLE-$id\" style=\"display : none\">" .
 				truncate_string(strip_tags($line['title']), 15) . "</div>";
@@ -3400,7 +3400,7 @@
 				$rv['content'] .= "<div class='postTitle'><a target='_blank'
 					title=\"".htmlspecialchars($line['title'])."\"
 					href=\"" .
-					$line["link"] . "\">" .
+					htmlspecialchars($line["link"]) . "\">" .
 					$line["title"] .
 					"<span class='author'>$entry_author</span></a></div>";
 			} else {