diff --git a/backend.php b/backend.php
index 419d1b98e..41b2c29db 100644
--- a/backend.php
+++ b/backend.php
@@ -806,15 +806,18 @@
 			}
 			print "<td align='center'>$feed_icon</td>";		
 
+			$edit_title = htmlspecialchars(db_unescape_string($line["title"]));
+			$edit_link = htmlspecialchars(db_unescape_string($line["feed_url"]));
+
 			if (!$edit_feed_id || $subop != "edit") {
 
 				print "<td><input onclick='toggleSelectRow(this);' 
 				type=\"checkbox\" id=\"FRCHK-".$line["id"]."\"></td>";
 
 				print "<td><a href=\"javascript:editFeed($feed_id);\">" . 
-					$line["title"] . "</td>";		
+					$edit_title . "</td>";		
 				print "<td><a href=\"javascript:editFeed($feed_id);\">" . 
-					$line["feed_url"] . "</td>";		
+					$edit_link . "</td>";		
 
 				if ($line["update_interval"] == "0")
 					$line["update_interval"] = "Default";
@@ -827,8 +830,8 @@
 				print "<td><input disabled=\"true\" type=\"checkbox\" 
 					id=\"FRCHK-".$line["id"]."\"></td>";
 
-				print "<td>".$line["title"]."</td>";		
-				print "<td>".$line["feed_url"]."</td>";		
+				print "<td>$edit_title</td>";		
+				print "<td>$edit_link</td>";		
 
 				if ($line["update_interval"] == "0")
 					$line["update_interval"] = "Default";
@@ -839,8 +842,8 @@
 
 				print "<td><input disabled=\"true\" type=\"checkbox\"></td>";
 
-				print "<td><input id=\"iedit_title\" value=\"".$line["title"]."\"></td>";
-				print "<td><input id=\"iedit_link\" value=\"".$line["feed_url"]."\"></td>";
+				print "<td><input id=\"iedit_title\" value=\"$edit_title\"></td>";
+				print "<td><input id=\"iedit_link\" value=\"$edit_link\"></td>";
 				print "<td><input id=\"iedit_updintl\" value=\"".$line["update_interval"]."\"></td>";
 					
 			}
diff --git a/db.php b/db.php
index c72bbd9df..e4673f679 100644
--- a/db.php
+++ b/db.php
@@ -103,6 +103,12 @@ function db_fetch_result($result, $row, $param) {
 	}
 }
 
+function db_unescape_string($str) {
+	$tmp = str_replace("\\\"", "\"", $str);
+	$tmp = str_replace("\\'", "'", $tmp);
+	return $tmp;
+}
+
 function db_close($link) {
 	if (DB_TYPE == "pgsql") {
 
diff --git a/opml.php b/opml.php
index bcfa31700..2e87c037a 100644
--- a/opml.php
+++ b/opml.php
@@ -24,8 +24,8 @@
 		$result = db_query($link, "SELECT * FROM ttrss_feeds ORDER BY title");
 
 		while ($line = db_fetch_assoc($result)) {
-			$title = $line["title"];
-			$url = $line["feed_url"];
+			$title = htmlspecialchars($line["title"]);
+			$url = htmlspecialchars($line["feed_url"]);
 
 			print "<outline text=\"$title\" xmlUrl=\"$url\"/>";
 		}