- sprintf(_("Are you sure you want to delete %s?"), imap_utf7_decode_local($mailbox)).
- '<FORM ACTION="folders_delete.php" METHOD="POST"><p>'.
-
- '<INPUT TYPE=HIDDEN NAME="mailbox" VALUE="' . htmlspecialchars($mailbox) . "\">\n" .
+ sprintf(_("Are you sure you want to delete %s?"), str_replace(array(' ','<','>'),array(' ','<','>'),imap_utf7_decode_local($mailbox))).
+ addForm('folders_delete.php', 'POST').
+ addHidden('mailbox', $mailbox).