diff --git a/app/Http/Controllers/CommentController.php b/app/Http/Controllers/CommentController.php
index 790b22142..565ceec5d 100644
--- a/app/Http/Controllers/CommentController.php
+++ b/app/Http/Controllers/CommentController.php
@@ -26,7 +26,7 @@ class CommentController extends Controller
 $reply = new Status();
 $reply->profile_id = $profile->id;
 $reply->caption = $comment;
- $reply->rendered = $comment;
+ $reply->rendered = e($comment);
 $reply->in_reply_to_id = $status->id;
 $reply->in_reply_to_profile_id = $status->profile_id;
 $reply->save();
diff --git a/app/Jobs/StatusPipeline/StatusEntityLexer.php b/app/Jobs/StatusPipeline/StatusEntityLexer.php
index ebbf4ad44..c1d09ccb7 100644
--- a/app/Jobs/StatusPipeline/StatusEntityLexer.php
+++ b/app/Jobs/StatusPipeline/StatusEntityLexer.php
@@ -45,7 +45,7 @@ class StatusEntityLexer implements ShouldQueue
 public function parseHashtags()
 {
 $status = $this->status;
- $text = $status->caption;
+ $text = e($status->caption);
 $tags = HashtagLexer::getHashtags($text);
 $rendered = $text;
 if(count($tags) > 0) {
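Review bot: The `$reply->rendered = e($comment);` line makes `rendered` an HTML-escaped field while `caption` on the line above stays raw, and nothing in the hunk records that contract. A view that escapes `rendered` again will now double-encode it, and any view that prints `caption` without escaping is still exposed, so a comment above the assignment such as `// rendered is HTML-escaped at write time; caption stays raw and must be escaped on output` would help the next maintainer. Other code paths that write `rendered` are not visible here and presumably need the same treatment. A regression test that stores a comment containing markup and asserts the saved `rendered` value would pin the behaviour; the enclosing method starts and ends outside the hunk.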
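Review bot: `HashtagLexer::getHashtags($text)` now receives the already-escaped caption, so the lexer sees entity text rather than what the user typed. Laravel's `e()` encodes an apostrophe as `&#039;`, and depending on how the lexer treats a `#` that follows `&`, this could yield spurious tags or tags stored with entities in them. Extracting from the raw caption and escaping only the copy that becomes `rendered` avoids that: `$tags = HashtagLexer::getHashtags($status->caption);` followed by `$text = e($status->caption);`. The rest of parseHashtags, including how `$rendered` is autolinked and saved, lies outside the hunk, so it is worth confirming that the autolinker does not escape the text a second time.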