Index: textpattern/include/txp_discuss.php
===================================================================
--- textpattern/include/txp_discuss.php (revision 2100)
+++ textpattern/include/txp_discuss.php (working copy)
@@ -342,10 +342,7 @@
 {
 extract($rs);
- $message = preg_replace(
- array('//'),
- array('<', '>')
- , $message);
+ $message = escape_output($message);
 if (fetch('ip', 'txp_discuss_ipban', 'ip', $ip)) {
Index: textpattern/publish/taghandlers.php
===================================================================
--- textpattern/publish/taghandlers.php (revision 2100)
+++ textpattern/publish/taghandlers.php (working copy)
@@ -1557,7 +1557,7 @@
 $Form = fetch_form($form);
- $preview = psas(array('name','email','web','message','parentid','remember'));
+ $preview = psa(array('name','email','web','message','parentid','remember'));
 $preview['time'] = time();
 $preview['discussid'] = 0;
 if ($preview['message'] == '')
Index: textpattern/publish/comment.php
===================================================================
--- textpattern/publish/comment.php (revision 2100)
+++ textpattern/publish/comment.php (working copy)
@@ -73,7 +73,7 @@
 $web = clean_url(pcs('web'));
 $n_message = 'message';
- extract( doStripTags( doDeEnt ( psa( array(
+ extract( doDeEnt ( psa( array(
 'checkbox_type',
 'remember',
 'forget',
@@ -82,11 +82,11 @@
 'message',
 'submit',
 'backpage'
- ) ) ) ) );
+ ) ) ) );
 if ($message == '') { //Second or later preview will have randomized message-field name
 $in = getComment();
- $message = doStripTags(doDeEnt($in['message']));
+ $message = doDeEnt($in['message']);
 if ( $preview ) {
 $name = ps('name');
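Review bot: The added `$message = escape_output($message);` escapes only the message column, while `extract($rs)` on the line above also pulls every other column of the comment row (presumably `name`, `email`, `web`) into scope unescaped; if those are rendered into the same edit form they need the same treatment, ideally at the output site rather than on fetch so a later save path cannot write the entity-encoded form back to the table. The removed `preg_replace` appears to have mapped only `<` and `>` to entities (its patterns are garbled in this copy), so confirm that `escape_output` also covers quotes (`ENT_QUOTES`) before the value is placed in attribute or textarea context. Suggested comment on the added line: `// escaped for HTML display only; do not persist this value`. The enclosing function starts before this hunk.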
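Review bot: `psa()` on the changed line returns the raw POST values, so `$preview['name']`, `['email']`, `['web']` and `['message']` reach the comment form exactly as submitted, and with the `doStripTags` pass dropped from comment.php in this same change `message` may carry arbitrary markup. This is only safe if the form that consumes `$preview` escapes each field at output with `htmlspecialchars($v, ENT_QUOTES)` or the project's `escape_output`, which this hunk cannot show; if the preview array is only ever displayed, escaping it here is the simpler guarantee, e.g. `$preview = array_map('escape_output', psa(array('name','email','web','message','parentid','remember')));`. Either way, add a comment on the changed line stating which side owns the escaping. The enclosing function continues outside this hunk.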
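Review bot: Removing `doStripTags` from the `extract( doDeEnt ( psa( array(` chain means `$message` now carries raw markup, and because `doDeEnt` presumably decodes entities first, a submitted `&lt;script&gt;` becomes a literal `<script>` tag that the old tag-stripping pass would have removed. That is acceptable only if every store-and-render path for `$message` escapes at output, which is outside this hunk; record that contract on the changed line, e.g. `// message is kept verbatim (tags not stripped); it MUST be escaped wherever it is rendered`. `extract()` over request-derived keys also overwrites any same-named local already in scope; the key list is fixed, which limits the damage, but confirm none of those names doubles as a control variable earlier in the function. The key array continues into the next hunk and the enclosing function starts before this one.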