diff --git a/wp-mail.php b/wp-mail.php
index 8ccdf03b6..7994babde 100644
--- a/wp-mail.php
+++ b/wp-mail.php
@@ -181,12 +181,12 @@ for ($i=1; $i <= $count; $i++) :
 
 	do_action('publish_phone', $post_ID);
 
-	echo "\n<p><b>Author:</b> $post_author</p>";
-	echo "\n<p><b>Posted title:</b> $post_title<br />";
-	echo "\n<b>Posted content:</b><br /><pre>".$content.'</pre></p>';
+	echo "\n<p><b>Author:</b> " . wp_specialchars($post_author) . "</p>";
+	echo "\n<p><b>Posted title:</b> " . sanitize_post_field('post_title', $post_title, $post_ID, 'display') . "<br />";
+	echo "\n<b>Posted content:</b><br /><pre>". sanitize_post_field('post_content', $post_content, $post_ID, 'display') . '</pre></p>';
 
 	if(!$pop3->delete($i)) {
-		echo '<p>Oops '.$pop3->ERROR.'</p></div>';
+		echo '<p>Oops '.wp_specialchars($pop3->ERROR).'</p></div>';
 		$pop3->reset();
 		exit;
 	} else {