diff --git a/include/class.thread.php b/include/class.thread.php
index f45c0e518bd179d3a41b5000ada56b7b5ccdc1b5..9b4853a420b77b67d74a51bebad8875065f349b3 100644
--- a/include/class.thread.php
+++ b/include/class.thread.php
@@ -146,6 +146,10 @@ class Thread {
         //Add ticket Id.
         $vars['ticketId'] = $this->getTicketId();
 
+        // DELME: When HTML / rich-text is supported
+        $vars['title'] = Format::htmlchars($vars['title']);
+        $vars['body'] = Format::htmlchars($vars['body']);
+
         return Note::create($vars, $errors);
     }
 
@@ -154,6 +158,10 @@ class Thread {
         $vars['ticketId'] = $this->getTicketId();
         $vars['staffId'] = 0;
 
+        // DELME: When HTML / rich-text is supported
+        $vars['title'] = Format::htmlchars($vars['title']);
+        $vars['body'] = Format::htmlchars($vars['body']);
+
         return Message::create($vars, $errors);
     }
 
@@ -161,6 +169,10 @@ class Thread {
 
         $vars['ticketId'] = $this->getTicketId();
 
+        // DELME: When HTML / rich-text is supported
+        $vars['title'] = Format::htmlchars($vars['title']);
+        $vars['body'] = Format::htmlchars($vars['body']);
+
         return Response::create($vars, $errors);
     }