diff --git a/app/models/status_message.rb b/app/models/status_message.rb
index 2c36387df..a9eb800f7 100644
--- a/app/models/status_message.rb
+++ b/app/models/status_message.rb
@@ -24,7 +24,7 @@ class StatusMessage < Post
   def to_activity
     <<-XML
   <entry>
-    <title>#{CGI::escape(self.message)}</title>
+    <title>#{x(self.message)}</title>
     <link rel="alternate" type="text/html" href="#{person.url}status_messages/#{self.id}"/>
     <id>#{person.url}status_messages/#{self.id}</id>
     <published>#{self.created_at.xmlschema}</published>
diff --git a/lib/diaspora/ostatus_builder.rb b/lib/diaspora/ostatus_builder.rb
index 21b568cf1..4052d5fa0 100644
--- a/lib/diaspora/ostatus_builder.rb
+++ b/lib/diaspora/ostatus_builder.rb
@@ -19,6 +19,8 @@ module Diaspora
 
 
   class OstatusBuilder
+    include Diaspora::Webhooks
+
     def initialize(user)
       @user = user
     end
@@ -29,11 +31,11 @@ module Diaspora
 <feed xml:lang="en-US" xmlns="http://www.w3.org/2005/Atom" xmlns:thr="http://purl.org/syndication/thread/1.0" xmlns:georss="http://www.georss.org/georss" xmlns:activity="http://activitystrea.ms/spec/1.0/" xmlns:media="http://purl.org/syndication/atommedia" xmlns:poco="http://portablecontacts.net/spec/1.0" xmlns:ostatus="http://ostatus.org/schema/1.0" xmlns:statusnet="http://status.net/schema/api/1/">
 <generator uri="http://joindiaspora.com/">Diaspora</generator>
 <id>#{@user.public_url}.atom</id>
-<title>#{@user.name}'s Public Feed</title>
+<title>#{x@user.name)}'s Public Feed</title>
 <subtitle>Posts from Diaspora</subtitle>
 <updated>#{Time.now.xmlschema}</updated>
 <author>
-  <name>#{CGI::escape(@user.name)}</name>
+  <name>#{x(@user.name)}</name>
   <uri>#{@user.public_url}</uri>
 </author>
       XML
@@ -51,7 +53,7 @@ module Diaspora
 <activity:subject>
   <activity:object-type>http://activitystrea.ms/schema/1.0/person</activity:object-type>
   <id>#{@user.public_url}</id>
-  <title>#{@user.name}</title>
+  <title>#{x(@user.name)}</title>
   <link rel="alternative" type="text/html" href="#{@user.public_url}"/>
   <link rel="avatar" type="image/jpeg" media:width="100" media:height="100" href="#{@user.profile.image_url}"/>
 </activity:subject>
diff --git a/lib/diaspora/webhooks.rb b/lib/diaspora/webhooks.rb
index fa1b75e32..4439fecdb 100644
--- a/lib/diaspora/webhooks.rb
+++ b/lib/diaspora/webhooks.rb
@@ -11,5 +11,17 @@ module Diaspora
       xml += "</XML>"
     end
 
+    def x(input)
+      result.gsub!(/[&<>'"]/) do | match |
+        case match
+        when '&' then return '&amp;'
+        when '<' then return '&lt;'
+        when '>' then return '&gt;'
+        when "'" then return '&apos;'
+        when '"' then return '&quote;'
+        end
+      end
+      return result
+    end
   end
 end