diff --git a/js/twister_formatpost.js b/js/twister_formatpost.js
index d081026..76d8326 100644
--- a/js/twister_formatpost.js
+++ b/js/twister_formatpost.js
@@ -482,8 +482,8 @@ function htmlFormatMsg(msg, mentions) {
                     if (i < k) {
                         var x = getSubStrEnd(msg.str, i, ':', false, '') + 1;
                         // following check is NOT for real protection (we have blocking CSP rule instead), it's just to aware people
-                        if (x > i && x < k && (msg.str.slice(x - 6, x).toLowerCase() === 'script'  // other things would be added when W3C and all the people invent it
-                            || msg.str.slice(x - 4, x).toLowerCase() === 'data')) {
+                        if (msg.str[i] === '#' || (x > i && x < k && (msg.str.slice(x - 6, x).toLowerCase() === 'script'  // other things would be added when W3C and all the people invent it
+                            || msg.str.slice(x - 4, x).toLowerCase() === 'data'))) {
                             msg = msgAddHtmlEntity(msg, j - 1, getSubStrEnd(msg.str, k + 1, ')', true, '') + 2,
                                 '…<br><b><i>' + polyglot.t('busted_oh') + '</i> '
                                 + polyglot.t('busted_avowal') + ':</b><br><samp>'