diff --git a/src/Framework/Util/Util.php b/src/Framework/Util/Util.php
index 18751dc..328e7d2 100644
--- a/src/Framework/Util/Util.php
+++ b/src/Framework/Util/Util.php
@@ -1,13 +1,15 @@
 <?php
 class Util {
-    public static function escape_and_linkify(string $text): string {
+    public static function escape_and_linkify(string $text, int $flags = ENT_NOQUOTES | ENT_HTML5, bool $new_window = true ): string {
         // escape dangerous characters, but preserve quotes
-        $safe = htmlspecialchars($text, ENT_NOQUOTES | ENT_HTML5, 'UTF-8');
+        $safe = htmlspecialchars($text, $flags, 'UTF-8');
+
+        $link_attrs = $new_window ? ' target="_blank" rel="noopener noreferrer"' : '';
 
         // convert URLs to links
         $safe = preg_replace_callback(
             '~(https?://[^\s<>"\'()]+)~i',
-            fn($matches) => '<a href="' . htmlspecialchars($matches[1], ENT_QUOTES, 'UTF-8') . '" target="_blank" rel="noopener noreferrer">' . $matches[1] . '</a>',
+            fn($matches) => '<a href="' . htmlspecialchars($matches[1], ENT_QUOTES, 'UTF-8') . '"' . $link_attrs . '>' . $matches[1] . '</a>',
             $safe
         );
 
diff --git a/templates/feed/atom.php b/templates/feed/atom.php
index d57a5f9..0a21399 100644
--- a/templates/feed/atom.php
+++ b/templates/feed/atom.php
@@ -13,11 +13,11 @@ echo '<?xml version="1.0" encoding="utf-8"?>' . "\n";
   <title><?= "$siteTitle Atom Feed" ?></title>
   <link rel="self"
         type="application/atom+xml"
-        title="<?php echo htmlspecialchars($config->siteTitle) ?> Atom Feed"
-        href="<?php echo htmlspecialchars($siteUrl . $basePath) ?>feed/atom">
-  <link rel="alternate" href="<?= $siteUrl ?>">
+        title="<?php echo htmlspecialchars($config->siteTitle, ENT_XML1, 'UTF-8') ?> Atom Feed"
+        href="<?php echo htmlspecialchars($siteUrl . $basePath, ENT_XML1, 'UTF-8') ?>feed/atom">
+  <link rel="alternate" href="<?= $siteUrl . $basePath ?>">
   <updated><?= $updated ?></updated>
-  <id><?= $siteUrl ?></id>
+  <id><?= $siteUrl . $basePath . 'feed/atom'?></id>
   <author>
         <name><?= $siteTitle ?></name>
   </author>
@@ -30,16 +30,17 @@ echo '<?xml version="1.0" encoding="utf-8"?>' . "\n";
     [$hour, $minute, $second] = $timeParts;
 
     $tickPath = "$year/$month/$day/$hour/$minute/$second";
-    $tickUrl = htmlspecialchars($siteUrl . $basePath . "tick/$tickPath");
+    $tickUrl = htmlspecialchars($siteUrl . $basePath . "tick/$tickPath", ENT_XML1, 'UTF-8');
     $tickTime = date(DATE_ATOM, strtotime($tick['timestamp']));
-    $tickText = htmlspecialchars($tick['tick']);
+    $tickTitle = htmlspecialchars($tick['tick'], ENT_XML1, 'UTF-8');
+    $tickContent = Util::escape_and_linkify($tick['tick'], ENT_XML1, false);
 ?>
   <entry>
-    <title><?= $tickText ?></title>
-    <link href="<?= $tickUrl ?>"/>
+    <title><?= $tickTitle ?></title>
+    <link rel="alternate" type="text/html" href="<?= $tickUrl ?>"/>
     <id><?= $tickUrl ?></id>
     <updated><?= $tickTime ?></updated>
-    <content type="html"><?= $tickText ?></content>
+    <content type="html"><?= $tickContent ?></content>
   </entry>
 <?php endforeach; ?>
 </feed>
diff --git a/templates/feed/rss.php b/templates/feed/rss.php
index 534744e..5455d70 100644
--- a/templates/feed/rss.php
+++ b/templates/feed/rss.php
@@ -9,15 +9,9 @@ echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
 ?>
 <rss version="2.0">
 <channel>
-    <title><?php echo htmlspecialchars($config->siteTitle) ?> RSS Feed</title>
-    <link rel="self"
-          type="application/rss+xml"
-          title="<?php echo htmlspecialchars($config->siteTitle) ?> RSS Feed"
-          href="<?php echo htmlspecialchars($config->baseUrl . $config->basePath)?>feed/rss/">
-    <link rel="alternate"
-          type="text/html"
-          href="<?php echo htmlspecialchars($config->baseUrl . $config->basePath) ?>">
-    <description><?php echo htmlspecialchars($config->siteDescription) ?></description>
+    <title><?php echo htmlspecialchars($config->siteTitle, ENT_XML1, 'UTF-8') ?> RSS Feed</title>
+    <link><?php echo htmlspecialchars($config->baseUrl . $config->basePath, ENT_XML1, 'UTF-8')?></link>
+    <description><?php echo htmlspecialchars($config->siteDescription, ENT_XML1, 'UTF-8') ?></description>
     <language>en-us</language>
     <lastBuildDate><?php echo date(DATE_RSS); ?></lastBuildDate>
 <?php foreach ($ticks as $tick):
@@ -29,13 +23,14 @@ echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
     [$hour, $minute, $second] = $timeParts;
 
     $tickPath = "$year/$month/$day/$hour/$minute/$second";
+    $tickUrl = $config->baseUrl . $config->basePath . $tickPath;
 ?>
     <item>
-        <title><?php echo htmlspecialchars($tick['tick']); ?></title>
-        <link><?php echo htmlspecialchars($config->baseUrl . $config->basePath . "tick/$tickPath"); ?></link>
-        <description><?php echo htmlspecialchars($tick['tick']); ?></description>
+        <title><?php echo htmlspecialchars($tick['tick'], ENT_XML1, 'UTF-8'); ?></title>
+        <link><?php echo htmlspecialchars($config->baseUrl . $config->basePath . "tick/$tickPath", ENT_XML1, 'UTF-8'); ?></link>
+        <description><?php echo Util::escape_and_linkify($tick['tick'], ENT_XML1, false); ?></description>
         <pubDate><?php echo date(DATE_RSS, strtotime($tick['timestamp'])); ?></pubDate>
-        <guid><?php echo htmlspecialchars($tickPath); ?></guid>
+        <guid><?php echo htmlspecialchars($tickUrl, ENT_XML1, 'UTF-8'); ?></guid>
     </item>
 <?php endforeach; ?>
 </channel>