diff --git a/includes/class-mention.php b/includes/class-mention.php
index a072bde..6798833 100644
--- a/includes/class-mention.php
+++ b/includes/class-mention.php
@@ -27,8 +27,12 @@ class Mention {
 	public static function the_content( $the_content ) {
 		$protected_tags = array();
 		$protect = function( $m ) use ( &$protected_tags ) {
-			$c = count( $protected_tags );
+			$c = \rand( 100000, 999999 );
 			$protect = '!#!#PROTECT' . $c . '#!#!';
+			while ( isset( $protected_tags[ $protect ] ) ) {
+				$c = \rand( 100000, 999999 );
+				$protect = '!#!#PROTECT' . $c . '#!#!';
+			}
 			$protected_tags[ $protect ] = $m[0];
 			return $protect;
 		};
@@ -78,8 +82,7 @@ class Mention {
 			if ( ! empty( $metadata['preferredUsername'] ) ) {
 				$username = $metadata['preferredUsername'];
 			}
-			$username = '@<span>' . $username . '</span>';
-			return \sprintf( '<a rel="mention" class="u-url mention" href="%s">%s</a>', $metadata['url'], $username );
+			return \sprintf( '<a rel="mention" class="u-url mention" href="%s">@<span>%s</span></a>', esc_url( $metadata['url'] ), esc_html( $username ) );
 		}
 
 		return $result[0];