diff --git a/app/views/shared/_publisher.haml b/app/views/shared/_publisher.haml
index 4e2e461d1af49f3c45d469c94ca9de3622d3568e..d6f2873e654eda11ae9e84523fa0ae2b4bfa8f1f 100644
--- a/app/views/shared/_publisher.haml
+++ b/app/views/shared/_publisher.haml
@@ -21,7 +21,7 @@
         %params
           #publisher_textarea_wrapper
             %ul#photodropzone
-            = status.text_area :message, :rows => 2, :value => params[:prefill]
+            = status.text_area :message, :rows => 2, :value => h(params[:prefill])
 
       - for aspect_id in @aspect_ids
         = hidden_field_tag 'aspect_ids[]', aspect_id.to_s
diff --git a/app/views/shared/_reshare.haml b/app/views/shared/_reshare.haml
index 872acc5314eab2aa8bc84b772c83e1ab1bbeb3e7..9f6f0ad45fba3af94e82031a8dfc93c6395b56f2 100644
--- a/app/views/shared/_reshare.haml
+++ b/app/views/shared/_reshare.haml
@@ -7,5 +7,5 @@
     = link_to t('.reshare'), "#"
 
   %ul.reshare_box
-    = aspect_links(aspects, :prefill => CGI::escape(post.message))
+    = aspect_links(aspects, :prefill => post.message)