diff --git a/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java b/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
index 1863a6c171c90cc80c269cf077f6e1131142c760..bb156c7afe8b15a111823041c6429d842cd8e31b 100644
--- a/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
+++ b/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
@@ -2784,7 +2784,7 @@ public class I2PSnarkServlet extends BasicServlet {
String link = urlEncode(s);
String display;
if (s.length() <= max)
- display = DataHelper.escapeHTML(link);
+ display = escapeHTML2(link);
else
display = DataHelper.escapeHTML(s.substring(0, max)) + "…";
buf.append("<a href=\"").append(link).append("\">").append(display).append("</a>");
@@ -2801,6 +2801,24 @@ public class I2PSnarkServlet extends BasicServlet {
.replace("[", "%5B").replace("]", "%5D");
}
+ private static final String escapeChars[] = {"\"", "<", ">", "'"};
+ private static final String escapeCodes[] = {""", "<", ">", "'"};
+
+ /**
+ * Modded from DataHelper.
+ * Does not escape ampersand. String must already have escaped ampersand.
+ * @param unescaped the unescaped string, non-null
+ * @return the escaped string
+ * @since 0.9.33
+ */
+ private static String escapeHTML2(String unescaped) {
+ String escaped = unescaped;
+ for (int i = 0; i < escapeChars.length; i++) {
+ escaped = escaped.replace(escapeChars[i], escapeCodes[i]);
+ }
+ return escaped;
+ }
+
private static final String DOCTYPE = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n";
private static final String HEADER_A = "<link href=\"";
private static final String HEADER_B = "snark.css?" + CoreVersion.VERSION + "\" rel=\"stylesheet\" type=\"text/css\" >";