--- comment.module 2005-09-14 13:08:54.000000000 +0200
+++ comment.module.edit 2005-09-14 13:49:10.000000000 +0200
@@ -439,6 +439,10 @@
 // Note: format is checked by check_output().
 $edit['subject'] = truncate_utf8(decode_entities(strip_tags(check_output($edit['comment'], $edit['format'], TRUE))), 29, TRUE);
 }
+ // Replacing Special Characters
+ $edit['subject'] = ereg_replace("<", "<", $edit['subject']);
+ $edit['subject'] = ereg_replace(">", ">", $edit['subject']);
+ $edit['subject'] = ereg_replace("\'", """, $edit['subject']);
 // Validate the comment's body.
 if ($edit['comment'] == '') {
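Review bot: The three added `ereg_replace` calls hand-roll HTML escaping and leave gaps: `&` and the double quote are never encoded, and the third call turns a single quote into what looks like the double-quote entity, so the subject's text is altered rather than escaped. As displayed here the replacement strings read `"<"`, `">"` and `"""`, presumably because the page decoded the entities; taken literally the first two are no-ops and the third does not parse. One call covers all five characters: `$edit['subject'] = htmlspecialchars($edit['subject'], ENT_QUOTES);`. Because the lines sit after the closing `}`, they appear to run on every subject and after the 29-character truncation, so the stored value can grow past that limit and may be encoded a second time wherever the subject is escaped on output; keeping the subject as plain text and escaping only at output would avoid both. The enclosing function starts and ends outside the hunk.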