diff -u -urN mantis-1.1.0.orig/core/string_api.php mantis-1.1.0/core/string_api.php
--- mantis-1.1.0.orig/core/string_api.php	2008-01-13 20:07:45.270746335 +0100
+++ mantis-1.1.0/core/string_api.php	2008-01-13 20:13:04.752952588 +0100
@@ -716,7 +716,8 @@
 	# --------------------
 	# Checks the supplied string for scripting characters, if it contains any, then return true, otherwise return false.
 	function string_contains_scripting_chars( $p_string ) {
-		if ( ( strstr( $p_string, '<' ) !== false ) || ( strstr( $p_string, '>' ) !== false ) ) {
+		if ( ( strstr( $p_string, '<' ) !== false ) || ( strstr( $p_string, '>' ) !== false ) ||
+			 	( strstr( $p_string, '\'') !== false ) || ( strstr( $p_string, '"' ) !== false ) )
 			return true;
 		}
 
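Review bot: The second added line of the condition ends with `)` and no opening `{`, while the unchanged `}` after `return true;` is still present, so on the new side that brace no longer pairs with the `if` and the file will most likely fail to parse; the line should end `( strstr( $p_string, '"' ) !== false ) ) {`. Separately, this check is a denylist of `<`, `>`, `'` and `"`, so it only helps where the value lands in HTML text or a quoted attribute. Callers that echo the string should still escape at output, e.g. `htmlspecialchars( $p_string, ENT_QUOTES )`, rather than rely on this function alone. The comment above the function could also list the four rejected characters, e.g. `# Returns true if the string contains <, >, ' or ".`. The function body continues past the end of the hunk.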
