diff --git a/lib/markdown2.py b/lib/markdown2.py
index aa74ab1b..750a50a0 100755
--- a/lib/markdown2.py
+++ b/lib/markdown2.py
@@ -2249,7 +2249,7 @@ def _encode_amps_and_angles(self, text):
 text = self._naked_gt_re.sub('>', text)
 return text
- _incomplete_tags_re = re.compile(r"<(/?\w+?(?!\w).+?[\s/]+?)")
+ _incomplete_tags_re = re.compile(r"<(/?\w+?(?!\w)\s*?.+?[\s/]+?)")
 def _encode_incomplete_tags(self, text):
 if self.safe_mode not in ("replace", "escape"):
diff --git a/test/tm-cases/xss_issue_362.html b/test/tm-cases/xss_issue_362.html
new file mode 100644
index 00000000..9d878bd3
--- /dev/null
+++ b/test/tm-cases/xss_issue_362.html
@@ -0,0 +1,2 @@
+
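Review bot: The added `\s*?` in `_incomplete_tags_re` is the only thing that lets whitespace, including a line break, sit between the tag name and its attributes, and nothing in the hunk records why; add `# \s*? lets whitespace (incl. a newline) separate the tag name from its attributes; see tm-case xss_issue_362` above the `re.compile` line so a later edit to the pattern does not drop it. The pattern still relies on `.` not matching a newline and on `[\s/]+?` finding at least one whitespace or slash after the attribute text, so an incomplete tag that ends the document with nothing after the tag name (e.g. a bare `<iframe` as the last bytes) appears not to match this regex; whether `_encode_incomplete_tags` handles that case cannot be seen here, since its body continues past the last line of the hunk. The new fixture appears to exercise only a bare line feed after the tag name, so a second tm-case using a tab or carriage return would confirm the `\s` coverage the fix depends on.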
<iframe +onload=alert()//
diff --git a/test/tm-cases/xss_issue_362.opts b/test/tm-cases/xss_issue_362.opts
new file mode 100644
index 00000000..8d202ad0
--- /dev/null
+++ b/test/tm-cases/xss_issue_362.opts
@@ -0,0 +1 @@
+{"safe_mode": True}
\ No newline at end of file
diff --git a/test/tm-cases/xss_issue_362.text b/test/tm-cases/xss_issue_362.text
new file mode 100644
index 00000000..3016199a
--- /dev/null
+++ b/test/tm-cases/xss_issue_362.text
@@ -0,0 +1,2 @@
+