diff --git a/modules/comment/comment.controller.php b/modules/comment/comment.controller.php
index 64105c65f..9031179c1 100644
--- a/modules/comment/comment.controller.php
+++ b/modules/comment/comment.controller.php
@@ -206,6 +206,10 @@
 $obj->content = preg_replace('!<\!--(Before|After)(Document|Comment)\(([0-9]+),([0-9]+)\)-->!is', '', $obj->content);
 if(Mobile::isFromMobilePhone())
 {
+ if($obj->use_html != 'Y')
+ {
+ $obj->content = htmlspecialchars($obj->content);
+ }
 $obj->content = nl2br($obj->content);
 }
 if(!$obj->regdate) $obj->regdate = date("YmdHis");
diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index 27f4e2a8e..8c87220a2 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@@ -235,6 +235,10 @@ class documentController extends document {
 $obj->content = preg_replace('!<\!--(Before|After)(Document|Comment)\(([0-9]+),([0-9]+)\)-->!is', '', $obj->content);
 if(Mobile::isFromMobilePhone())
 {
+ if($obj->use_html != 'Y')
+ {
+ $obj->content = htmlspecialchars($obj->content);
+ }
 $obj->content = nl2br($obj->content);
 }
 // Remove iframe and script if not a top adminisrator in the session.
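Review bot: The escaping added inside the `Mobile::isFromMobilePhone()` branch is gated on `$obj->use_html`, and nothing in the hunk shows where that property is set; if it arrives with the request, the sender decides whether `htmlspecialchars()` runs at all. The same guard is added in modules/document/document.controller.php, where the trailing comment suggests a script/iframe filter still follows, but no equivalent filter is visible after the lines in modules/comment/comment.controller.php, so it is worth confirming that one runs on the `use_html == 'Y'` path there. Independently, I would make the guard strict and the escaping explicit: `if($obj->use_html !== 'Y')` (on PHP before 8, `0 != 'Y'` is false, so an integer 0 would skip the escaping) and `$obj->content = htmlspecialchars($obj->content, ENT_QUOTES, 'UTF-8');`, so that single quotes are covered and the charset does not depend on the PHP version's default. The enclosing functions start and end outside both hunks.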