diff --git a/include/ajax.tickets.php b/include/ajax.tickets.php
index 708bb6dbdc88b3f6adadba7205cc60efb5da8b4c..7ebab82226a054d583f30a22df0a62a0ac2f3405 100644
--- a/include/ajax.tickets.php
+++ b/include/ajax.tickets.php
@@ -678,7 +678,7 @@ class TicketsAjaxAPI extends AjaxController {
                 Http::response(422, 'Unknown ticket variable');
 
             // Ticket thread variables are assumed to be quotes
-            $response = "<br/><blockquote>$response</blockquote><br/>";
+            $response = "<br/><blockquote>{$response->asVar()}</blockquote><br/>";
 
             //  Return text if html thread is not enabled
             if (!$cfg->isHtmlThreadEnabled())
diff --git a/include/class.thread.php b/include/class.thread.php
index aa1404d26a8d976bce599bced64e05ce0632b0d6..53c6faad30c8153b8f0cb139881483cc06f0e2af 100644
--- a/include/class.thread.php
+++ b/include/class.thread.php
@@ -1412,10 +1412,9 @@ class TextThreadBody extends ThreadBody {
 
         switch ($output) {
         case 'html':
-            return '<div style="white-space:pre-wrap">'
-                .Format::clickableurls(Format::htmlchars($this->body)).'</div>';
         case 'email':
-            return '<div style="white-space:pre-wrap">'.$this->body.'</div>';
+            return '<div style="white-space:pre-wrap">'
+                .Format::htmlchars($this->body).'</div>';
         case 'pdf':
             return nl2br($this->body);
         default: