diff --git a/app/assets/javascripts/discourse/controllers/topic.js.es6 b/app/assets/javascripts/discourse/controllers/topic.js.es6 index c99a986550c..c532e55ea18 100644 --- a/app/assets/javascripts/discourse/controllers/topic.js.es6 +++ b/app/assets/javascripts/discourse/controllers/topic.js.es6 @@ -427,8 +427,8 @@ export default ObjectController.extend(Discourse.SelectedPostsCount, BufferedCon }).then(function() { return Em.isEmpty(quotedText) ? Discourse.Post.loadQuote(post.get('id')) : quotedText; }).then(function(q) { - const postUrl = "" + location.protocol + "//" + location.host + (post.get('url')), - postLink = "[" + self.get('title') + "](" + postUrl + ")"; + const postUrl = "" + location.protocol + "//" + location.host + post.get('url'), + postLink = "[" + Handlebars.escapeExpression(self.get('title')) + "](" + postUrl + ")"; composerController.appendText(I18n.t("post.continue_discussion", { postLink: postLink }) + "\n\n" + q); }); },