diff --git a/lib/XRay/Formats/Twitter.php b/lib/XRay/Formats/Twitter.php
index 56172c5..fdae499 100644
--- a/lib/XRay/Formats/Twitter.php
+++ b/lib/XRay/Formats/Twitter.php
@@ -277,7 +277,8 @@ class Twitter extends Format {
// Twitter escapes & as & in the text
$text = html_entity_decode($text);
- $html = str_replace("\n", "
\n", $text);
+ $html = htmlspecialchars($text);
+ $html = str_replace("\n", "
\n", $html);
if(property_exists($entities, 'user_mentions')) {
foreach($entities->user_mentions as $user) {
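Review bot: The added `htmlspecialchars($text)` call relies on the default flags, which differ between PHP versions: before 8.1 the default is `ENT_COMPAT`, so single quotes stay unescaped and input with invalid UTF-8 makes the call return an empty string. Passing the flags explicitly, `$html = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, gives the same escaping on every runtime. The entity handling that starts at the `user_mentions` loop continues outside the hunk. If it substitutes into `$html` by matching raw tweet text, or inserts values such as screen names or URLs into markup, check those replacements against the now-escaped string and escape the inserted values the same way.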
diff --git a/tests/TwitterTest.php b/tests/TwitterTest.php
index ba7492c..96d1d87 100644
--- a/tests/TwitterTest.php
+++ b/tests/TwitterTest.php
@@ -214,6 +214,15 @@ class TwitterTest extends PHPUnit_Framework_TestCase {
$this->assertEquals("Hey @OregonGovBrown @tedwheeler day 16 of #BHM is for @stream_pdx. An amazing podcast trailer run by @tyeshasnow helping to democratize story telling in #PDX. Folks can get training in the production of podcasts. @siliconflorist #SupportBlackBusiness", $tweet['content']['html']);
}
+ public function testTweetWithHTML() {
+ list($url, $json) = $this->loadTweet('tweet-with-html');
+
+ $data = $this->parse(['url' => $url, 'body' => $json]);
+
+ $this->assertContains('