diff --git a/app/assets/javascripts/discourse/lib/quote.js.es6 b/app/assets/javascripts/discourse/lib/quote.js.es6
index bf1d290a5f0..8dee8809818 100644
--- a/app/assets/javascripts/discourse/lib/quote.js.es6
+++ b/app/assets/javascripts/discourse/lib/quote.js.es6
@@ -4,41 +4,32 @@ export default {
 
   // Build the BBCode quote around the selected text
   build(post, contents, opts) {
-    var contents_hashed, result, sansQuotes, stripped, stripped_hashed, tmp;
-    var full = opts && opts["full"];
-    var raw = opts && opts["raw"];
-
     if (!post) { return ""; }
 
     if (!contents) contents = "";
 
-    sansQuotes = contents.replace(this.REGEXP, '').trim();
+    const sansQuotes = contents.replace(this.REGEXP, "").trim();
     if (sansQuotes.length === 0) { return ""; }
 
-    // Escape the content of the quote
-    sansQuotes = sansQuotes.replace(/</g, "&lt;")
-                           .replace(/>/g, "&gt;");
+    // Strip the HTML from cooked
+    const stripped = $("<div/>").html(post.get("cooked")).text();
 
-    result = "[quote=\"" + post.get('username') + ", post:" + post.get('post_number') + ", topic:" + post.get('topic_id');
+    // Let's remove any non-word characters as a kind of hash.
+    // Yes it's not accurate but it should work almost every time we need it to.
+    // It would be unlikely that the user would quote another post that matches in exactly this way.
+    const sameContent = stripped.replace(/\W/g, "") === contents.replace(/\W/g, "");
 
-    /* Strip the HTML from cooked */
-    tmp = document.createElement('div');
-    tmp.innerHTML = post.get('cooked');
-    stripped = tmp.textContent || tmp.innerText || "";
+    const params = [
+      post.get("username"),
+      `post:${post.get("post_number")}`,
+      `topic:${post.get("topic_id")}`,
+    ];
 
-    /*
-      Let's remove any non alphanumeric characters as a kind of hash. Yes it's
-      not accurate but it should work almost every time we need it to. It would be unlikely
-      that the user would quote another post that matches in exactly this way.
-    */
-    stripped_hashed = stripped.replace(/[^a-zA-Z0-9]/g, '');
-    contents_hashed = contents.replace(/[^a-zA-Z0-9]/g, '');
+    opts = opts || {};
 
-    /* If the quote is the full message, attribute it as such */
-    if (full || stripped_hashed === contents_hashed) result += ", full:true";
-    result += "\"]\n" + (raw ? contents : sansQuotes) + "\n[/quote]\n\n";
+    if (opts["full"] || sameContent) params.push("full:true");
 
-    return result;
+    return `[quote="${params.join(", ")}"]\n${opts["raw"] ? contents : sansQuotes}\n[/quote]\n\n`;
   }
 
 };
diff --git a/test/javascripts/lib/pretty-text-test.js.es6 b/test/javascripts/lib/pretty-text-test.js.es6
index a78e958d4a5..892a9aca49c 100644
--- a/test/javascripts/lib/pretty-text-test.js.es6
+++ b/test/javascripts/lib/pretty-text-test.js.es6
@@ -717,10 +717,6 @@ QUnit.test("quotes", assert => {
               "[quote=\"eviltrout, post:1, topic:2, full:true\"]\n**lorem** ipsum\n[/quote]\n\n",
                "keeps BBCode formatting");
 
-  formatQuote("this is <not> a bug",
-              "[quote=\"eviltrout, post:1, topic:2\"]\nthis is &lt;not&gt; a bug\n[/quote]\n\n",
-              "it escapes the contents of the quote");
-
   assert.cooked("[quote]\ntest\n[/quote]",
          "<aside class=\"quote no-group\">\n<blockquote>\n<p>test</p>\n</blockquote>\n</aside>",
          "it supports quotes without params");