From b699c43b312f57d3ee028e7530356527134004e1 Mon Sep 17 00:00:00 2001
From: Michael M Slusarz
Date: Thu, 20 Mar 2014 23:47:04 -0600
Subject: [PATCH] More fixes for escaping subject information
---
 imp/js/dimpbase.js | 2 +-
 imp/js/smartmobile.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/imp/js/dimpbase.js b/imp/js/dimpbase.js
index 9703bd5f85b..e3c817ab4e0 100644
--- a/imp/js/dimpbase.js
+++ b/imp/js/dimpbase.js
@@ -509,7 +509,7 @@ var DimpBase = {
 if (h == 'subject') {
 /* This is an attribute, so we need to escape
 * quotes only. */
- r.subjecttitle = r[h].gsub('"', '"');
+ r.subjecttitle = r[h].escapeHTML().gsub('"', '"');
 }
 r[h] = r[h].escapeHTML();
diff --git a/imp/js/smartmobile.js b/imp/js/smartmobile.js
index 7ccabda84ab..2c697aab7f2 100644
--- a/imp/js/smartmobile.js
+++ b/imp/js/smartmobile.js
@@ -597,7 +597,7 @@ var ImpMobile = {
 list.append(
 c.append(
- $('').html(val.data.subject)).append(
+ $('').text(val.data.subject)).append(
 $('
').append(
 $('').text(
 val.data.date)).append(
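Review bot: The comment directly above the changed line in imp/js/dimpbase.js still reads `This is an attribute, so we need to escape quotes only`, which contradicts the new `r[h].escapeHTML().gsub(...)` chain and invites a later cleanup that removes the `escapeHTML()` call again. I would reword it along the lines of `/* Used as an attribute value: HTML-escape first, then escape double quotes, which escapeHTML() does not touch. */` (assuming this is Prototype's String#escapeHTML, as the extra gsub suggests). The chain handles only the double-quote character, so it is sufficient only if the attribute receiving `subjecttitle` is double-quoted in the template; that template is not visible here and is worth confirming. The enclosing function starts and ends outside the hunk.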
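Review bot: Nothing at the changed line in imp/js/smartmobile.js records why `.text()` is required, so a later edit could switch back to `.html()` for formatting reasons; I would add `// Subject is sender-controlled: insert as text, never as markup.` above `$('').text(val.data.subject)`. It is also worth confirming that `val.data.subject` reaches the client unescaped, because a value the server has already entity-encoded would now be displayed with literal entities. The neighbouring `val.data.date` already goes through `.text()`, but any other message fields inserted by this builder lie outside the hunk and should be checked for the same `.html()` pattern. The `list.append(...)` expression starts and ends outside the hunk.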