diff --git a/src/messenger/webim/libs/chat.php b/src/messenger/webim/libs/chat.php
index 969dc318..827063a0 100644
--- a/src/messenger/webim/libs/chat.php
+++ b/src/messenger/webim/libs/chat.php
@@ -82,7 +82,7 @@ function post_message($threadid, $kind, $message, $from = null, $agentid = null)
 
 function prepare_html_message($text)
 {
-	$escaped_text = htmlspecialchars($text);
+	$escaped_text = safe_htmlspecialchars($text);
 	$text_w_links = preg_replace('/(http|ftp):\/\/\S*/', '<a href="$0" target="_blank">$0</a>', $escaped_text);
 	$multiline = str_replace("\n", "<br/>", $text_w_links);
 	return $multiline;
@@ -95,7 +95,7 @@ function message_to_html($msg)
 	$message = "<span>" . date("H:i:s", $msg['created']) . "</span> ";
 	$kind = $kind_to_string{$msg['ikind']};
 	if ($msg['tname'])
-		$message .= "<span class=\"n$kind\">" . htmlspecialchars($msg['tname']) . "</span>: ";
+		$message .= "<span class=\"n$kind\">" . safe_htmlspecialchars($msg['tname']) . "</span>: ";
 	$message .= "<span class=\"m$kind\">" . prepare_html_message($msg['tmessage']) . "</span><br/>";
 	return $message;
 }
@@ -166,7 +166,7 @@ function print_thread_messages($thread, $token, $lastid, $isuser, $format, $agen
 		$output = get_messages($threadid, "xml", $isuser, $lastid);
 
 		start_xml_output();
-		print("<thread lastid=\"$lastid\" typing=\"" . htmlspecialchars($istyping) . "\" canpost=\"" . (($isuser || $agentid != null && $agentid == $thread['agentId']) ? 1 : 0) . "\">");
+		print("<thread lastid=\"$lastid\" typing=\"" . safe_htmlspecialchars($istyping) . "\" canpost=\"" . (($isuser || $agentid != null && $agentid == $thread['agentId']) ? 1 : 0) . "\">");
 		foreach ($output as $msg) {
 			print $msg;
 		}
@@ -176,13 +176,13 @@ function print_thread_messages($thread, $token, $lastid, $isuser, $format, $agen
 		$output = get_messages($threadid, "html", $isuser, $lastid);
 
 		start_html_output();
-		$url = "$webimroot/thread.php?act=refresh&amp;thread=" . htmlspecialchars($threadid) . "&amp;token=" . htmlspecialchars($token) . "&amp;html=on&amp;user=" . ($isuser ? "true" : "false");
+		$url = "$webimroot/thread.php?act=refresh&amp;thread=" . safe_htmlspecialchars($threadid) . "&amp;token=" . safe_htmlspecialchars($token) . "&amp;html=on&amp;user=" . ($isuser ? "true" : "false");
 
 		print(
 				"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">" .
 				"<html>\n<head>\n" .
 				"<link href=\"$webimroot/styles/default/chat.css\" rel=\"stylesheet\" type=\"text/css\">\n" .
-				"<meta http-equiv=\"Refresh\" content=\"" . htmlspecialchars($settings['updatefrequency_oldchat']) . "; URL=$url&amp;sn=11\">\n" .
+				"<meta http-equiv=\"Refresh\" content=\"" . safe_htmlspecialchars($settings['updatefrequency_oldchat']) . "; URL=$url&amp;sn=11\">\n" .
 				"<meta http-equiv=\"Pragma\" content=\"no-cache\">\n" .
 				"<title>chat</title>\n" .
 				"</head>\n" .
@@ -290,9 +290,9 @@ function setup_logo()
 {
 	global $page, $settings;
 	loadsettings();
-	$page['ct.company.name'] = htmlspecialchars(topage($settings['title']));
-	$page['ct.company.chatLogoURL'] = htmlspecialchars(topage($settings['logo']));
-	$page['webimHost'] = htmlspecialchars(topage($settings['hosturl']));
+	$page['ct.company.name'] = safe_htmlspecialchars(topage($settings['title']));
+	$page['ct.company.chatLogoURL'] = safe_htmlspecialchars(topage($settings['logo']));
+	$page['webimHost'] = safe_htmlspecialchars(topage($settings['hosturl']));
 }
 
 function setup_leavemessage($name, $email, $message, $groupid, $groupname, $info, $referrer, $canshowcaptcha)
@@ -337,7 +337,7 @@ function setup_survey($name, $email, $groupid, $info, $referrer, $canshowcaptcha
 				$groupname .= " (offline)";
 			}
 			$isselected = $k['groupid'] == $groupid;
-			$val .= "<option value=\"" . htmlspecialchars($k['groupid']) . "\"" . ($isselected ? " selected=\"selected\"" : "") . ">" . htmlspecialchars($groupname) . "</option>";
+			$val .= "<option value=\"" . safe_htmlspecialchars($k['groupid']) . "\"" . ($isselected ? " selected=\"selected\"" : "") . ">" . safe_htmlspecialchars($groupname) . "</option>";
 		}
 		$page['groups'] = $val;
 	}
@@ -359,11 +359,11 @@ function setup_chatview_for_user($thread, $level)
 	$page['displ1'] = $nameisset ? "none" : "inline";
 	$page['displ2'] = $nameisset ? "inline" : "none";
 	$page['level'] = $level;
-	$page['ct.chatThreadId'] = htmlspecialchars($thread['threadid']);
-	$page['ct.token'] = htmlspecialchars($thread['ltoken']);
-	$page['ct.user.name'] = htmlspecialchars(topage($thread['userName']));
+	$page['ct.chatThreadId'] = safe_htmlspecialchars($thread['threadid']);
+	$page['ct.token'] = safe_htmlspecialchars($thread['ltoken']);
+	$page['ct.user.name'] = safe_htmlspecialchars(topage($thread['userName']));
 	$page['canChangeName'] = $settings['usercanchangename'] == "1";
-	$page['chat.title'] = htmlspecialchars(topage($settings['chattitle']));
+	$page['chat.title'] = safe_htmlspecialchars(topage($settings['chattitle']));
 
 	setup_logo();
 	if ($settings['sendmessagekey'] == 'enter') {
@@ -375,10 +375,10 @@ function setup_chatview_for_user($thread, $level)
 	}
 
 	$params = "thread=" . $thread['threadid'] . "&token=" . $thread['ltoken'];
-	$page['mailLink'] = htmlspecialchars("$webimroot/client.php?" . $params . "&level=$level&act=mailthread");
+	$page['mailLink'] = safe_htmlspecialchars("$webimroot/client.php?" . $params . "&level=$level&act=mailthread");
 
 	if ($settings['enablessl'] == "1" && !is_secure_request()) {
-		$page['sslLink'] = htmlspecialchars(get_app_location(true, true) . "/client.php?" . $params . "&level=$level");
+		$page['sslLink'] = safe_htmlspecialchars(get_app_location(true, true) . "/client.php?" . $params . "&level=$level");
 	}
 
 	$page['isOpera95'] = is_agent_opera95();
@@ -420,10 +420,10 @@ function setup_chatview_for_operator($thread, $operator)
 	$page['agent'] = true;
 	$page['user'] = false;
 	$page['canpost'] = $thread['agentId'] == $operator['operatorid'];
-	$page['ct.chatThreadId'] = htmlspecialchars($thread['threadid']);
-	$page['ct.token'] = htmlspecialchars($thread['ltoken']);
-	$page['ct.user.name'] = htmlspecialchars(topage(get_user_name($thread['userName'], $thread['remote'], $thread['userid'])));
-	$page['chat.title'] = htmlspecialchars(topage($settings['chattitle']));
+	$page['ct.chatThreadId'] = safe_htmlspecialchars($thread['threadid']);
+	$page['ct.token'] = safe_htmlspecialchars($thread['ltoken']);
+	$page['ct.user.name'] = safe_htmlspecialchars(topage(get_user_name($thread['userName'], $thread['remote'], $thread['userid'])));
+	$page['chat.title'] = safe_htmlspecialchars(topage($settings['chattitle']));
 
 	setup_logo();
 	if ($settings['sendmessagekey'] == 'enter') {
@@ -435,20 +435,20 @@ function setup_chatview_for_operator($thread, $operator)
 	}
 
 	if ($settings['enablessl'] == "1" && !is_secure_request()) {
-		$page['sslLink'] = htmlspecialchars(get_app_location(true, true) . "/operator/agent.php?thread=" . $thread['threadid'] . "&token=" . $thread['ltoken']);
+		$page['sslLink'] = safe_htmlspecialchars(get_app_location(true, true) . "/operator/agent.php?thread=" . $thread['threadid'] . "&token=" . $thread['ltoken']);
 	}
 	$page['isOpera95'] = is_agent_opera95();
 	$page['neediframesrc'] = needsFramesrc();
 	$page['historyParams'] = array("userid" => "" . $thread['userid']);
-	$page['historyParamsLink'] = htmlspecialchars(add_params($webimroot . "/operator/userhistory.php", $page['historyParams']));
+	$page['historyParamsLink'] = safe_htmlspecialchars(add_params($webimroot . "/operator/userhistory.php", $page['historyParams']));
 	$predefinedres = "";
 	$canned_messages = load_canned_messages($thread['locale'], $thread['groupid']);
 	foreach ($canned_messages as $answer) {
-		$predefinedres .= "<option>" . htmlspecialchars(topage($answer['vcvalue'])) . "</option>";
+		$predefinedres .= "<option>" . safe_htmlspecialchars(topage($answer['vcvalue'])) . "</option>";
 	}
 	$page['predefinedAnswers'] = $predefinedres;
 	$params = "thread=" . $thread['threadid'] . "&token=" . $thread['ltoken'];
-	$page['redirectLink'] = htmlspecialchars("$webimroot/operator/agent.php?" . $params . "&act=redirect");
+	$page['redirectLink'] = safe_htmlspecialchars("$webimroot/operator/agent.php?" . $params . "&act=redirect");
 
 	$page['namePostfix'] = "";
 	$page['frequency'] = $settings['updatefrequency_chat'];
diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php
index a325f694..c1d60f2c 100644
--- a/src/messenger/webim/libs/common.php
+++ b/src/messenger/webim/libs/common.php
@@ -59,7 +59,7 @@ function verifyparam($name, $regexp, $default = null)
 		if (isset($default))
 			return $default;
 	}
-	echo "<html><head></head><body>Wrong parameter used or absent: " . htmlspecialchars($name) . "</body></html>";
+	echo "<html><head></head><body>Wrong parameter used or absent: " . safe_htmlspecialchars($name) . "</body></html>";
 	exit;
 }
 
@@ -425,7 +425,7 @@ function form_value($key)
 {
 	global $page;
 	if (isset($page) && isset($page["form$key"]))
-		return htmlspecialchars($page["form$key"]);
+		return safe_htmlspecialchars($page["form$key"]);
 	return "";
 }
 
@@ -454,7 +454,7 @@ function no_field($key)
 function failed_uploading_file($filename, $key)
 {
 	return getlocal2("errors.failed.uploading.file",
-		array(htmlspecialchars($filename), getlocal($key)));
+		array(safe_htmlspecialchars($filename), getlocal($key)));
 }
 
 function wrong_field($key)
@@ -473,8 +473,8 @@ function get_popup($href, $jshref, $message, $title, $wndName, $options)
 function get_image($href, $width, $height)
 {
 	if ($width != 0 && $height != 0)
-		return "<img src=\"" . htmlspecialchars($href) . "\" border=\"0\" width=\"" . htmlspecialchars($width) . "\" height=\"" . htmlspecialchars($height) . "\" alt=\"\"/>";
-	return "<img src=\"" . htmlspecialchars($href) . "\" border=\"0\" alt=\"\"/>";
+		return "<img src=\"" . safe_htmlspecialchars($href) . "\" border=\"0\" width=\"" . safe_htmlspecialchars($width) . "\" height=\"" . safe_htmlspecialchars($height) . "\" alt=\"\"/>";
+	return "<img src=\"" . safe_htmlspecialchars($href) . "\" border=\"0\" alt=\"\"/>";
 }
 
 function get_gifimage_size($filename)
@@ -780,7 +780,7 @@ function sanitize_string($string, $tags_level = 'high', $attr_level = 'high')
 				}
 
 				$replacement = '<' . $elements[1][$key] . $new_attributes . '>';
-				$string = preg_replace( '/' . reg_escape($elements[0][$key]) . '/', $replacement, $string );
+				$string = preg_replace( '/' . sanitize_reg_escape($elements[0][$key]) . '/', $replacement, $string );
 
 			}
 		}
@@ -790,7 +790,8 @@ function sanitize_string($string, $tags_level = 'high', $attr_level = 'high')
 	return $string;
 }
 
-function reg_escape ($string) {
+function sanitize_reg_escape($string)
+{
 
 	$conversions = array(	"^" => "\^",
 				"[" => "\[",
@@ -812,4 +813,12 @@ function reg_escape ($string) {
 	return strtr($string, $conversions);
 }
 
+/* wrapper for htmlspecialchars with single quotes conversion enabled
+   by default */
+
+function safe_htmlspecialchars($string)
+{
+    return htmlspecialchars($string, ENT_QUOTES);
+}
+
 ?>
diff --git a/src/messenger/webim/libs/getcode.php b/src/messenger/webim/libs/getcode.php
index 8104a96e..0d72fca8 100644
--- a/src/messenger/webim/libs/getcode.php
+++ b/src/messenger/webim/libs/getcode.php
@@ -36,9 +36,9 @@ function generate_button($title, $locale, $style, $group, $inner, $showhost, $fo
 		$link = append_query($link, "group=$group");
 
 	$modsecfix = $modsecurity ? ".replace('http://','').replace('https://','')" : "";
-	$jslink = htmlspecialchars(append_query("'" . $link, "url='+escape(document.location.href$modsecfix)+'&referrer='+escape(document.referrer$modsecfix)"));
-	$temp = get_popup(htmlspecialchars($link), "$jslink",
-					  $inner, htmlspecialchars($title), "webim", "toolbar=0,scrollbars=0,location=0,status=1,menubar=0,width=640,height=480,resizable=1");
+	$jslink = safe_htmlspecialchars(append_query("'" . $link, "url='+escape(document.location.href$modsecfix)+'&referrer='+escape(document.referrer$modsecfix)"));
+	$temp = get_popup(safe_htmlspecialchars($link), "$jslink",
+					  $inner, safe_htmlspecialchars($title), "webim", "toolbar=0,scrollbars=0,location=0,status=1,menubar=0,width=640,height=480,resizable=1");
 	return "<!-- mibew button -->" . $temp . "<!-- / mibew button -->";
 }
 
diff --git a/src/messenger/webim/libs/operator.php b/src/messenger/webim/libs/operator.php
index 55ffd40c..1b38c824 100755
--- a/src/messenger/webim/libs/operator.php
+++ b/src/messenger/webim/libs/operator.php
@@ -305,8 +305,8 @@ function setup_redirect_links($threadid, $token)
 				)
 				: "";
 		$agent_list .= "<li><a href=\"" . add_params($webimroot . "/operator/redirect.php", $params) .
-					   "\" title=\"" . htmlspecialchars(topage(get_operator_name($agent))) . "\">" .
-					   htmlspecialchars(topage(get_operator_name($agent))) .
+					   "\" title=\"" . safe_htmlspecialchars(topage(get_operator_name($agent))) . "\">" .
+					   safe_htmlspecialchars(topage(get_operator_name($agent))) .
 					   "</a> $status</li>";
 	}
 	$page['redirectToAgent'] = $agent_list;
@@ -322,8 +322,8 @@ function setup_redirect_links($threadid, $token)
 							? getlocal("char.redirect.operator.away_suff")
 							: "");
 			$group_list .= "<li><a href=\"" . add_params($webimroot . "/operator/redirect.php", $params) .
-						   "\" title=\"" . htmlspecialchars(topage(get_group_name($group))) . "\">" .
-						   htmlspecialchars(topage(get_group_name($group))) .
+						   "\" title=\"" . safe_htmlspecialchars(topage(get_group_name($group))) . "\">" .
+						   safe_htmlspecialchars(topage(get_group_name($group))) .
 						   "</a> $status</li>";
 		}
 	}
diff --git a/src/messenger/webim/libs/pagination.php b/src/messenger/webim/libs/pagination.php
index 46ef2b59..d2164863 100644
--- a/src/messenger/webim/libs/pagination.php
+++ b/src/messenger/webim/libs/pagination.php
@@ -23,13 +23,13 @@ function generate_pagination_link($page, $title, $raw = false)
 	$lnk = $_SERVER['REQUEST_URI'];
 	$href = preg_replace("/\?page=\d+\&/", "?", preg_replace("/\&page=\d+/", "", $lnk));
 	$href .= strstr($href, "?") ? "&page=$page" : "?page=$page";
-	return "<a href=\"" . htmlspecialchars($href) . "\" class=\"pagelink\">" . ($raw ? $title : htmlspecialchars($title)) . "</a>";
+	return "<a href=\"" . safe_htmlspecialchars($href) . "\" class=\"pagelink\">" . ($raw ? $title : safe_htmlspecialchars($title)) . "</a>";
 }
 
 function generate_pagination_image($id, $alt)
 {
 	global $webimroot;
-	return "<img src=\"$webimroot/images/$id.gif\" border=\"0\" alt=\"" . htmlspecialchars($alt) . "\"/>";
+	return "<img src=\"$webimroot/images/$id.gif\" border=\"0\" alt=\"" . safe_htmlspecialchars($alt) . "\"/>";
 }
 
 function prepare_pagination($items_count, $default_items_per_page = 15)
diff --git a/src/messenger/webim/libs/userinfo.php b/src/messenger/webim/libs/userinfo.php
index 2080b4c9..1836ef37 100644
--- a/src/messenger/webim/libs/userinfo.php
+++ b/src/messenger/webim/libs/userinfo.php
@@ -50,9 +50,9 @@ function get_user_addr($addr)
 	global $settings;
 	if ($settings['geolink'] && preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $addr, $matches)) {
 		$userip = $matches[1];
-		return get_popup(htmlspecialchars(str_replace("{ip}", $userip, $settings['geolink'])), '', htmlspecialchars($addr), "GeoLocation", htmlspecialchars("ip$userip"), htmlspecialchars($settings['geolinkparams']));
+		return get_popup(safe_htmlspecialchars(str_replace("{ip}", $userip, $settings['geolink'])), '', safe_htmlspecialchars($addr), "GeoLocation", safe_htmlspecialchars("ip$userip"), safe_htmlspecialchars($settings['geolinkparams']));
 	}
-	return htmlspecialchars($addr);
+	return safe_htmlspecialchars($addr);
 }
 
 ?>
\ No newline at end of file
diff --git a/src/messenger/webim/operator/ban.php b/src/messenger/webim/operator/ban.php
index f8cb7a59..cb9a05d3 100644
--- a/src/messenger/webim/operator/ban.php
+++ b/src/messenger/webim/operator/ban.php
@@ -54,7 +54,7 @@ if (isset($_POST['address'])) {
 
 	if ((!$banId && $existing_ban) ||
 		($banId && $existing_ban && $banId != $existing_ban['banid'])) {
-		$errors[] = getlocal2("ban.error.duplicate", array(htmlspecialchars($address), htmlspecialchars($existing_ban['banid'])));
+		$errors[] = getlocal2("ban.error.duplicate", array(safe_htmlspecialchars($address), safe_htmlspecialchars($existing_ban['banid'])));
 	}
 
 	if (count($errors) == 0) {
diff --git a/src/messenger/webim/operator/index.php b/src/messenger/webim/operator/index.php
index 764d2c59..439fd97c 100644
--- a/src/messenger/webim/operator/index.php
+++ b/src/messenger/webim/operator/index.php
@@ -30,7 +30,7 @@ $page = array(
 	'localeLinks' => get_locale_links("$webimroot/operator/index.php"),
 	'needUpdate' => $settings['dbversion'] != $dbversion,
 	'needChangePassword' => $operator['vcpassword'] == md5(''),
-	'profilePage' => "$webimroot/operator/operator.php?op=".htmlspecialchars($operator['operatorid']),
+	'profilePage' => "$webimroot/operator/operator.php?op=".safe_htmlspecialchars($operator['operatorid']),
 	'updateWizard' => "$webimroot/install/",
 	'newFeatures' => $settings['featuresversion'] != $featuresversion,
 	'featuresPage' => "$webimroot/operator/features.php",
diff --git a/src/messenger/webim/operator/redirect.php b/src/messenger/webim/operator/redirect.php
index 51578081..d4807b03 100644
--- a/src/messenger/webim/operator/redirect.php
+++ b/src/messenger/webim/operator/redirect.php
@@ -39,7 +39,7 @@ if (isset($_GET['nextGroup'])) {
 	$nextGroup = group_by_id($nextid);
 
 	if ($nextGroup) {
-		$page['message'] = getlocal2("chat.redirected.group.content", array(htmlspecialchars(topage(get_group_name($nextGroup)))));
+		$page['message'] = getlocal2("chat.redirected.group.content", array(safe_htmlspecialchars(topage(get_group_name($nextGroup)))));
 		if ($thread['istate'] == $state_chatting) {
 			$link = connect();
 			commit_thread($threadid,
@@ -60,7 +60,7 @@ if (isset($_GET['nextGroup'])) {
 	$nextOperator = operator_by_id($nextid);
 
 	if ($nextOperator) {
-		$page['message'] = getlocal2("chat.redirected.content", array(htmlspecialchars(topage(get_operator_name($nextOperator)))));
+		$page['message'] = getlocal2("chat.redirected.content", array(safe_htmlspecialchars(topage(get_operator_name($nextOperator)))));
 		if ($thread['istate'] == $state_chatting) {
 			$link = connect();
 			$threadupdate = array("istate" => $state_waiting, "nextagent" => $nextid, "agentId" => 0);
diff --git a/src/messenger/webim/operator/settings.php b/src/messenger/webim/operator/settings.php
index b6daca1c..0ec0cf1b 100644
--- a/src/messenger/webim/operator/settings.php
+++ b/src/messenger/webim/operator/settings.php
@@ -69,7 +69,7 @@ if (isset($_POST['email']) && isset($_POST['title']) && isset($_POST['logo'])) {
 	if ($params['geolinkparams']) {
 		foreach (preg_split("/,/", $params['geolinkparams']) as $oneparam) {
 			if (!preg_match("/^\s*(toolbar|scrollbars|location|status|menubar|width|height|resizable)=\d{1,4}$/", $oneparam)) {
-				$errors[] = "Wrong link parameter: \"" . htmlspecialchars($oneparam) . "\", should be one of 'toolbar, scrollbars, location, status, menubar, width, height or resizable'";
+				$errors[] = "Wrong link parameter: \"" . safe_htmlspecialchars($oneparam) . "\", should be one of 'toolbar, scrollbars, location, status, menubar, width, height or resizable'";
 			}
 		}
 	}
diff --git a/src/messenger/webim/operator/translate.php b/src/messenger/webim/operator/translate.php
index 203b3ef0..d724ff44 100644
--- a/src/messenger/webim/operator/translate.php
+++ b/src/messenger/webim/operator/translate.php
@@ -189,9 +189,9 @@ if ($show == 's1') {
 
 foreach ($allkeys as $key) {
 	if ($key != 'output_charset') {
-		$tsource = htmlspecialchars($lang1[$key]);
+		$tsource = safe_htmlspecialchars($lang1[$key]);
 		if (isset($lang2[$key])) {
-			$value = htmlspecialchars($lang2[$key]);
+			$value = safe_htmlspecialchars($lang2[$key]);
 			if (get_auxiliary($lang2[$key]) != get_auxiliary($lang1[$key])) {
 				$value = "<font color=\"#6030c1\"><b>$value</b></font> <strong>(wrong formatting)</strong>";
 			}
diff --git a/src/messenger/webim/operator/update.php b/src/messenger/webim/operator/update.php
index 070b844c..c604212f 100644
--- a/src/messenger/webim/operator/update.php
+++ b/src/messenger/webim/operator/update.php
@@ -24,7 +24,7 @@ require_once('../libs/groups.php');
 $operator = get_logged_in();
 if (!$operator) {
 	start_xml_output();
-	echo "<error><descr>" . htmlspecialchars(htmlspecialchars(myiconv($webim_encoding, "utf-8", escape_with_cdata(getstring("agent.not_logged_in"))))) . "</descr></error>";
+	echo "<error><descr>" . safe_htmlspecialchars(safe_htmlspecialchars(myiconv($webim_encoding, "utf-8", escape_with_cdata(getstring("agent.not_logged_in"))))) . "</descr></error>";
 	exit;
 }
 
@@ -51,7 +51,7 @@ function thread_to_xml($thread, $link)
 $webim_encoding, $operator, $settings,
 $can_viewthreads, $can_takeover, $mysqlprefix;
 	$state = $threadstate_to_string[$thread['istate']];
-	$result = "<thread id=\"" . htmlspecialchars(htmlspecialchars($thread['threadid'])) . "\" stateid=\"$state\"";
+	$result = "<thread id=\"" . safe_htmlspecialchars(safe_htmlspecialchars($thread['threadid'])) . "\" stateid=\"$state\"";
 	if ($state == "closed")
 		return $result . "/>";
 
@@ -77,32 +77,32 @@ $can_viewthreads, $can_takeover, $mysqlprefix;
 
 	$banForThread = $settings['enableban'] == "1" ? ban_for_addr_($thread['remote'], $link) : false;
 	if ($banForThread) {
-		$result .= " ban=\"blocked\" banid=\"" . htmlspecialchars(htmlspecialchars($banForThread['banid'])) . "\"";
+		$result .= " ban=\"blocked\" banid=\"" . safe_htmlspecialchars(safe_htmlspecialchars($banForThread['banid'])) . "\"";
 	}
 
-	$result .= " state=\"$state\" typing=\"" . htmlspecialchars(htmlspecialchars($thread['userTyping'])) . "\">";
+	$result .= " state=\"$state\" typing=\"" . safe_htmlspecialchars(safe_htmlspecialchars($thread['userTyping'])) . "\">";
 	$result .= "<name>";
 	if ($banForThread) {
-		$result .= htmlspecialchars(getstring('chat.client.spam.prefix'));
+		$result .= safe_htmlspecialchars(getstring('chat.client.spam.prefix'));
 	}
-	$result .= htmlspecialchars(htmlspecialchars(get_user_name($thread['userName'], $thread['remote'], $thread['userid']))) . "</name>";
-	$result .= "<addr>" . htmlspecialchars(get_user_addr($thread['remote'])) . "</addr>";
-	$result .= "<agent>" . htmlspecialchars(htmlspecialchars($threadoperator)) . "</agent>";
-	$result .= "<time>" . htmlspecialchars(htmlspecialchars($thread['unix_timestamp(dtmcreated)'])) . "000</time>";
-	$result .= "<modified>" . htmlspecialchars(htmlspecialchars($thread['unix_timestamp(dtmmodified)'])) . "000</modified>";
+	$result .= safe_htmlspecialchars(safe_htmlspecialchars(get_user_name($thread['userName'], $thread['remote'], $thread['userid']))) . "</name>";
+	$result .= "<addr>" . safe_htmlspecialchars(get_user_addr($thread['remote'])) . "</addr>";
+	$result .= "<agent>" . safe_htmlspecialchars(safe_htmlspecialchars($threadoperator)) . "</agent>";
+	$result .= "<time>" . safe_htmlspecialchars(safe_htmlspecialchars($thread['unix_timestamp(dtmcreated)'])) . "000</time>";
+	$result .= "<modified>" . safe_htmlspecialchars(safe_htmlspecialchars($thread['unix_timestamp(dtmmodified)'])) . "000</modified>";
 
 	if ($banForThread) {
-		$result .= "<reason>" . htmlspecialchars(htmlspecialchars($banForThread['comment'])) . "</reason>";
+		$result .= "<reason>" . safe_htmlspecialchars(safe_htmlspecialchars($banForThread['comment'])) . "</reason>";
 	}
 
 	$userAgent = get_useragent_version($thread['userAgent']);
-	$result .= "<useragent>" . htmlspecialchars(htmlspecialchars($userAgent)) . "</useragent>";
+	$result .= "<useragent>" . safe_htmlspecialchars(safe_htmlspecialchars($userAgent)) . "</useragent>";
 	if ($thread["shownmessageid"] != 0) {
 		$query = "select tmessage from ${mysqlprefix}chatmessage where messageid = " . $thread["shownmessageid"];
 		$line = select_one_row($query, $link);
 		if ($line) {
 			$message = preg_replace("/[\r\n\t]+/", " ", $line["tmessage"]);
-			$result .= "<message>" . htmlspecialchars(htmlspecialchars($message)) . "</message>";
+			$result .= "<message>" . safe_htmlspecialchars(safe_htmlspecialchars($message)) . "</message>";
 		}
 	}
 	$result .= "</thread>";
@@ -156,7 +156,7 @@ function print_operators()
 		if (!operator_is_online($operator))
 			continue;
 
-		$name = myiconv($webim_encoding, "utf-8", htmlspecialchars(htmlspecialchars($operator['vclocalename'])));
+		$name = myiconv($webim_encoding, "utf-8", safe_htmlspecialchars(safe_htmlspecialchars($operator['vclocalename'])));
 		$away = operator_is_away($operator) ? " away=\"1\"" : "";
 
 		echo "<operator name=\"$name\"$away/>";
diff --git a/src/messenger/webim/view/agent.php b/src/messenger/webim/view/agent.php
index 10f2df6f..19a98219 100644
--- a/src/messenger/webim/view/agent.php
+++ b/src/messenger/webim/view/agent.php
@@ -47,7 +47,7 @@ require_once('inc_errors.php');
 <?php if( $page['opid'] || $page['canmodify'] ) { ?>
 <form name="agentForm" method="post" action="<?php echo $webimroot ?>/operator/operator.php">
 <?php print_csrf_token_input() ?>
-<input type="hidden" name="opid" value="<?php echo htmlspecialchars($page['opid']) ?>"/>
+<input type="hidden" name="opid" value="<?php echo safe_htmlspecialchars($page['opid']) ?>"/>
 <?php if(!$page['showjabber']) { ?>
 <input type="hidden" name="jabber" value="<?php echo form_value('jabber') ?>"/>
 <?php if(form_value_cb('jabbernotify')) { ?><input type="hidden" name="jabbernotify" value="on"/><?php } ?>
@@ -133,7 +133,7 @@ require_once('inc_errors.php');
 
 <?php if($page['canmodify']) { ?>
 		<div class="fbutton">
-			<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
+			<input type="image" name="save" value="" src="<?php echo $webimroot . safe_htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo safe_htmlspecialchars(getlocal("button.save")) ?>"/>
 		</div>
 <?php } ?>
 	</div>
diff --git a/src/messenger/webim/view/agents.php b/src/messenger/webim/view/agents.php
index 8c056786..b2e7f009 100644
--- a/src/messenger/webim/view/agents.php
+++ b/src/messenger/webim/view/agents.php
@@ -38,7 +38,7 @@ require_once('inc_errors.php');
 <?php if($page['canmodify']) { ?>
 <div class="tabletool">
 	<img src="<?php echo $webimroot ?>/images/buttons/createagent.gif" border="0" alt="" />
-	<a href="<?php echo $webimroot ?>/operator/operator.php" title="<?php echo htmlspecialchars(getlocal("page_agents.new_agent")) ?>">
+	<a href="<?php echo $webimroot ?>/operator/operator.php" title="<?php echo safe_htmlspecialchars(getlocal("page_agents.new_agent")) ?>">
 		<?php echo getlocal("page_agents.new_agent") ?>
 	</a>
 </div>
@@ -64,12 +64,12 @@ require_once('inc_errors.php');
 <?php foreach( $page['allowedAgents'] as $a ) { ?>
 <tr>
 	<td class="notlast">
-   		<a id="ti<?php echo htmlspecialchars($a['operatorid']) ?>" href="<?php echo $webimroot ?>/operator/operator.php?op=<?php echo urlencode($a['operatorid']) ?>" class="man">
-   			<?php echo htmlspecialchars(topage($a['vclogin'])) ?>
+   		<a id="ti<?php echo safe_htmlspecialchars($a['operatorid']) ?>" href="<?php echo $webimroot ?>/operator/operator.php?op=<?php echo urlencode($a['operatorid']) ?>" class="man">
+   			<?php echo safe_htmlspecialchars(topage($a['vclogin'])) ?>
    		</a>
 	</td>
 	<td class="notlast">
-   		<?php echo htmlspecialchars(topage($a['vclocalename'])) ?> / <?php echo htmlspecialchars(topage($a['vccommonname'])) ?>
+   		<?php echo safe_htmlspecialchars(topage($a['vclocalename'])) ?> / <?php echo safe_htmlspecialchars(topage($a['vccommonname'])) ?>
 	</td>
 	<td class="notlast">
 <?php if(operator_is_available($a)) { ?>
@@ -82,7 +82,7 @@ require_once('inc_errors.php');
 	</td>
 <?php if($page['canmodify']) { ?>
 	<td>
-  <a class="removelink" id="i<?php echo htmlspecialchars($a['operatorid']) ?>" href="<?php echo $webimroot ?>/operator/operators.php?act=del&amp;id=<?php echo urlencode($a['operatorid']) ?><?php print_csrf_token_in_url() ?>">
+  <a class="removelink" id="i<?php echo safe_htmlspecialchars($a['operatorid']) ?>" href="<?php echo $webimroot ?>/operator/operators.php?act=del&amp;id=<?php echo urlencode($a['operatorid']) ?><?php print_csrf_token_in_url() ?>">
 			remove
 		</a>
 	</td>
diff --git a/src/messenger/webim/view/avatar.php b/src/messenger/webim/view/avatar.php
index 1149f251..a44e14b7 100644
--- a/src/messenger/webim/view/avatar.php
+++ b/src/messenger/webim/view/avatar.php
@@ -33,13 +33,13 @@ require_once('inc_errors.php');
 
 <form name="avatarForm" method="post" action="<?php echo $webimroot ?>/operator/avatar.php" enctype="multipart/form-data">
 <?php print_csrf_token_input() ?>
-<input type="hidden" name="op" value="<?php echo htmlspecialchars($page['opid']) ?>"/>
+<input type="hidden" name="op" value="<?php echo safe_htmlspecialchars($page['opid']) ?>"/>
 	<div>
 <?php print_tabbar(); ?>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
 
 	<p>
-		<b><?php echo htmlspecialchars($page['currentop']) ?>&lrm;</b>
+		<b><?php echo safe_htmlspecialchars($page['currentop']) ?>&lrm;</b>
 	</p>
 
 	<div class="fieldForm">
@@ -48,7 +48,7 @@ require_once('inc_errors.php');
 		<div class="field">
 			<div class="flabel"><?php echo getlocal('form.field.avatar.current') ?></div>
 			<div class="fvalue">
-				<img src="<?php echo htmlspecialchars($page['avatar']) ?>" alt="cannot load avatar"/><br/>
+				<img src="<?php echo safe_htmlspecialchars($page['avatar']) ?>" alt="cannot load avatar"/><br/>
 <?php if($page['canmodify']) { ?>
                 <a class="formauth" href="<?php echo $webimroot ?>/operator/avatar.php?op=<?php echo urlencode($page['opid']) ?>&amp;delete=true">
                     <?php echo getlocal("page_agent.clear_avatar") ?>
@@ -77,7 +77,7 @@ require_once('inc_errors.php');
 		</div>
 
 		<div class="fbutton">
-			<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
+			<input type="image" name="save" value="" src="<?php echo $webimroot . safe_htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo safe_htmlspecialchars(getlocal("button.save")) ?>"/>
 		</div>
 <?php } ?>
 	</div>
diff --git a/src/messenger/webim/view/ban.php b/src/messenger/webim/view/ban.php
index 2355824f..c955a19b 100644
--- a/src/messenger/webim/view/ban.php
+++ b/src/messenger/webim/view/ban.php
@@ -21,7 +21,7 @@ function tpl_content() { global $page, $webimroot, $errors;
 ?>
 
 <?php if( $page['saved'] ) { ?>
-	<?php echo getlocal2("page_ban.sent",array(htmlspecialchars($page['address']))) ?>
+	<?php echo getlocal2("page_ban.sent",array(safe_htmlspecialchars($page['address']))) ?>
 
 	<script type="text/javascript"><!--
 		setTimeout( (function() { window.close(); }), 1500 );
@@ -37,15 +37,15 @@ require_once('inc_errors.php');
 
 
 <?php if( $page['thread'] ) { ?>
-	<?php echo getlocal2("page_ban.thread",array(htmlspecialchars($page['thread']))) ?><br/>
+	<?php echo getlocal2("page_ban.thread",array(safe_htmlspecialchars($page['thread']))) ?><br/>
 	<br/>
 <?php } ?>
 
 <form name="banForm" method="post" action="<?php echo $webimroot ?>/operator/ban.php">
 <?php print_csrf_token_input() ?>
-<input type="hidden" name="banId" value="<?php echo htmlspecialchars($page['banId']) ?>"/>
+<input type="hidden" name="banId" value="<?php echo safe_htmlspecialchars($page['banId']) ?>"/>
 <?php if( $page['threadid'] ) { ?>
-<input type="hidden" name="threadid" value="<?php echo htmlspecialchars($page['threadid']) ?>"/>
+<input type="hidden" name="threadid" value="<?php echo safe_htmlspecialchars($page['threadid']) ?>"/>
 <?php } ?>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
 	
@@ -78,7 +78,7 @@ require_once('inc_errors.php');
 		</div>
 		
 		<div class="fbutton">
-			<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
+			<input type="image" name="save" value="" src="<?php echo $webimroot . safe_htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo safe_htmlspecialchars(getlocal("button.save")) ?>"/>
 		</div>
 	</div>
 	
diff --git a/src/messenger/webim/view/blocked_visitors.php b/src/messenger/webim/view/blocked_visitors.php
index 4f333e66..fec6c5a8 100644
--- a/src/messenger/webim/view/blocked_visitors.php
+++ b/src/messenger/webim/view/blocked_visitors.php
@@ -37,7 +37,7 @@ require_once('inc_errors.php');
 
 <div class="tabletool">
 	<img src="<?php echo $webimroot ?>/images/buttons/createban.gif" border="0" alt=""/>
-	<a href="<?php echo $webimroot ?>/operator/ban.php" title="<?php echo htmlspecialchars(getlocal("page_bans.add")) ?>">
+	<a href="<?php echo $webimroot ?>/operator/ban.php" title="<?php echo safe_htmlspecialchars(getlocal("page_bans.add")) ?>">
 		<?php echo getlocal("page_bans.add") ?>
 	</a>
 </div>
@@ -64,8 +64,8 @@ if( $page['pagination.items'] ) {
 	foreach( $page['pagination.items'] as $b ) { ?>
 	<tr>
 	<td class="notlast">
-		<a href="ban.php?id=<?php echo urlencode($b['banid']) ?>" class="man" id="ti<?php echo htmlspecialchars($b['banid']) ?>">
-		   	<?php echo htmlspecialchars($b['address']) ?>
+		<a href="ban.php?id=<?php echo urlencode($b['banid']) ?>" class="man" id="ti<?php echo safe_htmlspecialchars($b['banid']) ?>">
+		   	<?php echo safe_htmlspecialchars($b['address']) ?>
 	   	</a>
 	</td>
 	<td class="notlast">
@@ -74,14 +74,14 @@ if( $page['pagination.items'] ) {
 	<td>
 <?php 
 	if( strlen(topage($b['comment'])) > 30 ) { 
-		echo htmlspecialchars(substr(topage($b['comment']),0,30));
+		echo safe_htmlspecialchars(substr(topage($b['comment']),0,30));
 	} else {
-		echo htmlspecialchars(topage($b['comment']));
+		echo safe_htmlspecialchars(topage($b['comment']));
 	} 
 ?>
 	</td>
 	<td>
-		<a class="removelink" id="i<?php echo htmlspecialchars($b['banid']) ?>" href="<?php echo $webimroot ?>/operator/blocked.php?act=del&amp;id=<?php echo urlencode($b['banid']) ?><?php print_csrf_token_in_url() ?>">
+		<a class="removelink" id="i<?php echo safe_htmlspecialchars($b['banid']) ?>" href="<?php echo $webimroot ?>/operator/blocked.php?act=del&amp;id=<?php echo urlencode($b['banid']) ?><?php print_csrf_token_in_url() ?>">
 			remove
 		</a>
 	</td>
diff --git a/src/messenger/webim/view/canned.php b/src/messenger/webim/view/canned.php
index ff4bd0a3..ecd9a2ae 100644
--- a/src/messenger/webim/view/canned.php
+++ b/src/messenger/webim/view/canned.php
@@ -37,7 +37,7 @@ require_once('inc_errors.php');
 		<?php echo getlocal("canned.locale") ?><br/>
 		<select name="lang" onchange="this.form.submit();"><?php
 			foreach($page['locales'] as $k) {
-				echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("lang") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
+				echo "<option value=\"" . safe_htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("lang") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k["name"]) . "</option>";
 			} ?></select>
 	</div>
 
@@ -46,7 +46,7 @@ require_once('inc_errors.php');
 		<?php echo getlocal("canned.group") ?><br/>
 		<select name="group" onchange="this.form.submit();"><?php
 			foreach($page['groups'] as $k) {
-				echo "<option value=\"" . htmlspecialchars($k["groupid"]) . "\"".($k["groupid"] == form_value("group") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["vclocalname"]) . "</option>";
+				echo "<option value=\"" . safe_htmlspecialchars($k["groupid"]) . "\"".($k["groupid"] == form_value("group") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k["vclocalname"]) . "</option>";
 			} ?></select>
 	</div>
 <?php } ?>
@@ -82,7 +82,7 @@ if( $page['pagination.items'] ) {
 	foreach( $page['pagination.items'] as $localstr ) { ?>
 	<tr>
 		<td>
-			<?php echo str_replace("\n", "<br/>",htmlspecialchars(topage($localstr['vcvalue']))) ?>
+			<?php echo str_replace("\n", "<br/>",safe_htmlspecialchars(topage($localstr['vcvalue']))) ?>
 		</td>
 		<td>
 			<a href="<?php echo $webimroot ?>/operator/cannededit.php?key=<?php echo urlencode($localstr['id']) ?>" target="_blank"
diff --git a/src/messenger/webim/view/cannededit.php b/src/messenger/webim/view/cannededit.php
index e372af4a..d4c12693 100644
--- a/src/messenger/webim/view/cannededit.php
+++ b/src/messenger/webim/view/cannededit.php
@@ -41,10 +41,10 @@ require_once('inc_errors.php');
 
 <form name="cannedForm" method="post" action="<?php echo $webimroot ?>/operator/cannededit.php">
 <?php print_csrf_token_input() ?>
-<input type="hidden" name="key" value="<?php echo htmlspecialchars($page['key']) ?>"/>
+<input type="hidden" name="key" value="<?php echo safe_htmlspecialchars($page['key']) ?>"/>
 <?php if(!$page['key']) { ?>
-<input type="hidden" name="lang" value="<?php echo htmlspecialchars($page['locale']) ?>"/>
-<input type="hidden" name="group" value="<?php echo htmlspecialchars($page['groupid']) ?>"/>
+<input type="hidden" name="lang" value="<?php echo safe_htmlspecialchars($page['locale']) ?>"/>
+<input type="hidden" name="group" value="<?php echo safe_htmlspecialchars($page['groupid']) ?>"/>
 <?php } ?>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
 
@@ -57,7 +57,7 @@ require_once('inc_errors.php');
 		</div>
 
 		<div class="fbutton">
-			<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
+			<input type="image" name="save" value="" src="<?php echo $webimroot . safe_htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo safe_htmlspecialchars(getlocal("button.save")) ?>"/>
 		</div>
 	</div>
 
diff --git a/src/messenger/webim/view/confirm.php b/src/messenger/webim/view/confirm.php
index 470e830e..058099d0 100644
--- a/src/messenger/webim/view/confirm.php
+++ b/src/messenger/webim/view/confirm.php
@@ -23,16 +23,16 @@ function tpl_content() { global $page, $webimroot;
 <div id="confirmpane">
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
 
-		<?php echo getlocal2("confirm.take.message",array(htmlspecialchars($page['user']), htmlspecialchars($page['agent']))) ?><br/><br/>
+		<?php echo getlocal2("confirm.take.message",array(safe_htmlspecialchars($page['user']), safe_htmlspecialchars($page['agent']))) ?><br/><br/>
 		<br/>
 
 		<div>
 		<table class="nicebutton"><tr>
-			<td><a href="<?php echo htmlspecialchars($page['link']) ?>">
+			<td><a href="<?php echo safe_htmlspecialchars($page['link']) ?>">
 				<img src="<?php echo $webimroot ?>/images/submit.gif" width="40" height="35" border="0" alt="" /></a></td>
-			<td class="submit"><a href="<?php echo htmlspecialchars($page['link']) ?>">
+			<td class="submit"><a href="<?php echo safe_htmlspecialchars($page['link']) ?>">
 				<?php echo getlocal("confirm.take.yes") ?></a></td>
-			<td><a href="<?php echo htmlspecialchars($page['link']) ?>">
+			<td><a href="<?php echo safe_htmlspecialchars($page['link']) ?>">
 				<img src="<?php echo $webimroot ?>/images/submitrest.gif" width="10" height="35" border="0" alt="" /></a></td>
 		</tr></table>
 
diff --git a/src/messenger/webim/view/features.php b/src/messenger/webim/view/features.php
index 2ed01b14..fdd5c55d 100644
--- a/src/messenger/webim/view/features.php
+++ b/src/messenger/webim/view/features.php
@@ -213,7 +213,7 @@ require_once('inc_errors.php');
 
     <?php if($page['canmodify']) { ?>
 		<div class="fbutton">
-			<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
+			<input type="image" name="save" value="" src="<?php echo $webimroot . safe_htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo safe_htmlspecialchars(getlocal("button.save")) ?>"/>
 		</div>
     <?php } ?>
 	</div>
diff --git a/src/messenger/webim/view/getcode_image.php b/src/messenger/webim/view/getcode_image.php
index 525392e9..92ebdaf6 100644
--- a/src/messenger/webim/view/getcode_image.php
+++ b/src/messenger/webim/view/getcode_image.php
@@ -41,7 +41,7 @@ require_once('inc_errors.php');
 		<div class="fieldinrow">
 			<div class="flabel"><?php echo getlocal("page.gen_button.choose_locale") ?></div>
 			<div class="fvaluenodesc">
-				<select name="lang" onchange="this.form.submit();"><?php foreach($page['availableLocales'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"" . ($k == form_value("lang") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
+				<select name="lang" onchange="this.form.submit();"><?php foreach($page['availableLocales'] as $k) { echo "<option value=\"" . safe_htmlspecialchars($k) . "\"" . ($k == form_value("lang") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k) . "</option>"; } ?></select>
 			</div>
 		</div>
 
@@ -49,7 +49,7 @@ require_once('inc_errors.php');
 		<div class="fieldinrow">
 			<div class="flabel"><?php echo getlocal("page.gen_button.choose_group") ?></div>
 			<div class="fvaluenodesc">
-				<select name="group" onchange="this.form.submit();"><?php foreach($page['groups'] as $k) { echo "<option value=\"" . htmlspecialchars($k['groupid']) . "\"".($k['groupid'] == form_value("group") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k['vclocalname']) . "</option>"; } ?></select>
+				<select name="group" onchange="this.form.submit();"><?php foreach($page['groups'] as $k) { echo "<option value=\"" . safe_htmlspecialchars($k['groupid']) . "\"".($k['groupid'] == form_value("group") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k['vclocalname']) . "</option>"; } ?></select>
 			</div>
 		</div>
 <?php } ?>
@@ -58,14 +58,14 @@ require_once('inc_errors.php');
 		<div class="fieldinrow">
 			<div class="flabel"><?php echo getlocal("page.gen_button.choose_image") ?></div>
 			<div class="fvaluenodesc">
-				<select name="i" onchange="this.form.submit();"><?php foreach($page['availableImages'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("image") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
+				<select name="i" onchange="this.form.submit();"><?php foreach($page['availableImages'] as $k) { echo "<option value=\"" . safe_htmlspecialchars($k) . "\"".($k == form_value("image") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k) . "</option>"; } ?></select>
 			</div>
 		</div>
 
 		<div class="fieldinrow">
 			<div class="flabel"><?php echo getlocal("page.gen_button.choose_style") ?></div>
 			<div class="fvaluenodesc">
-				<select name="style" onchange="this.form.submit();"><?php foreach($page['availableStyles'] as $k => $v) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("style") ? " selected=\"selected\"" : "").">" . htmlspecialchars($v) . "</option>"; } ?></select>
+				<select name="style" onchange="this.form.submit();"><?php foreach($page['availableStyles'] as $k => $v) { echo "<option value=\"" . safe_htmlspecialchars($k) . "\"".($k == form_value("style") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($v) . "</option>"; } ?></select>
 			</div>
 		</div>
 		<br clear="all"/>
@@ -98,7 +98,7 @@ require_once('inc_errors.php');
 		<div class="field">
 			<div class="flabel"><?php echo getlocal("page.gen_button.code") ?></div>
 			<div class="fvaluewithta" dir="ltr">
-				<textarea cols="44" rows="15"><?php echo htmlspecialchars($page['buttonCode']) ?></textarea>
+				<textarea cols="44" rows="15"><?php echo safe_htmlspecialchars($page['buttonCode']) ?></textarea>
 			</div>
 			<div class="fdescr"><?php echo getlocal("page.gen_button.code.description") ?></div>
 			<br clear="all"/>
diff --git a/src/messenger/webim/view/getcode_text.php b/src/messenger/webim/view/getcode_text.php
index 5bb6a2d7..8396c9f3 100644
--- a/src/messenger/webim/view/getcode_text.php
+++ b/src/messenger/webim/view/getcode_text.php
@@ -41,7 +41,7 @@ require_once('inc_errors.php');
 		<div class="fieldinrow">
 			<div class="flabel"><?php echo getlocal("page.gen_button.choose_locale") ?></div>
 			<div class="fvaluenodesc">
-				<select name="lang" onchange="this.form.submit();"><?php foreach($page['availableLocales'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("lang") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
+				<select name="lang" onchange="this.form.submit();"><?php foreach($page['availableLocales'] as $k) { echo "<option value=\"" . safe_htmlspecialchars($k) . "\"".($k == form_value("lang") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k) . "</option>"; } ?></select>
 			</div>
 		</div>
 
@@ -49,7 +49,7 @@ require_once('inc_errors.php');
 		<div class="fieldinrow">
 			<div class="flabel"><?php echo getlocal("page.gen_button.choose_group") ?></div>
 			<div class="fvaluenodesc">
-				<select name="group" onchange="this.form.submit();"><?php foreach($page['groups'] as $k) { echo "<option value=\"" . htmlspecialchars($k['groupid']) . "\"".($k['groupid'] == form_value("group") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k['vclocalname']) . "</option>"; } ?></select>
+				<select name="group" onchange="this.form.submit();"><?php foreach($page['groups'] as $k) { echo "<option value=\"" . safe_htmlspecialchars($k['groupid']) . "\"".($k['groupid'] == form_value("group") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k['vclocalname']) . "</option>"; } ?></select>
 			</div>
 		</div>
 <?php } ?>
@@ -58,7 +58,7 @@ require_once('inc_errors.php');
 		<div class="fieldinrow">
 			<div class="flabel"><?php echo getlocal("page.gen_button.choose_style") ?></div>
 			<div class="fvaluenodesc">
-				<select name="style" onchange="this.form.submit();"><?php foreach($page['availableStyles'] as $k => $v) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("style") ? " selected=\"selected\"" : "").">" . htmlspecialchars($v) . "</option>"; } ?></select>
+				<select name="style" onchange="this.form.submit();"><?php foreach($page['availableStyles'] as $k => $v) { echo "<option value=\"" . safe_htmlspecialchars($k) . "\"".($k == form_value("style") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($v) . "</option>"; } ?></select>
 			</div>
 		</div>
 		<br clear="all"/>
@@ -91,7 +91,7 @@ require_once('inc_errors.php');
 		<div class="field">
 			<div class="flabel"><?php echo getlocal("page.gen_button.code") ?></div>
 			<div class="fvaluewithta" dir="ltr">
-				<textarea cols="44" rows="15"><?php echo htmlspecialchars($page['buttonCode']) ?></textarea>
+				<textarea cols="44" rows="15"><?php echo safe_htmlspecialchars($page['buttonCode']) ?></textarea>
 			</div>
 			<div class="fdescr"><?php echo getlocal("page.gen_button.code.description") ?></div>
 			<br clear="all"/>
diff --git a/src/messenger/webim/view/group.php b/src/messenger/webim/view/group.php
index e0f7fc62..164072a6 100644
--- a/src/messenger/webim/view/group.php
+++ b/src/messenger/webim/view/group.php
@@ -41,7 +41,7 @@ require_once('inc_errors.php');
 
 <form name="groupForm" method="post" action="<?php echo $webimroot ?>/operator/group.php">
 <?php print_csrf_token_input() ?>
-<input type="hidden" name="gid" value="<?php echo htmlspecialchars($page['grid']) ?>"/>
+<input type="hidden" name="gid" value="<?php echo safe_htmlspecialchars($page['grid']) ?>"/>
 	<div>
 <?php print_tabbar(); ?>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
@@ -93,7 +93,7 @@ require_once('inc_errors.php');
 		</div>
 		
 		<div class="fbutton">
-			<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
+			<input type="image" name="save" value="" src="<?php echo $webimroot . safe_htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo safe_htmlspecialchars(getlocal("button.save")) ?>"/>
 		</div>
 	</div>
 
diff --git a/src/messenger/webim/view/groupmembers.php b/src/messenger/webim/view/groupmembers.php
index 566627ef..fbd5c405 100644
--- a/src/messenger/webim/view/groupmembers.php
+++ b/src/messenger/webim/view/groupmembers.php
@@ -24,38 +24,38 @@ $page['menuid'] = "groups";
 function tpl_content() { global $page, $webimroot, $errors;
 ?>
 
-<?php echo htmlspecialchars(getlocal("page.groupmembers.intro")) ?>
+<?php echo safe_htmlspecialchars(getlocal("page.groupmembers.intro")) ?>
 <br />
 <br />
 <?php
 require_once('inc_errors.php');
 ?>
 <?php if( $page['stored'] ) { ?>
-<div id="formmessage"><?php echo htmlspecialchars(getlocal("data.saved")) ?></div>
+<div id="formmessage"><?php echo safe_htmlspecialchars(getlocal("data.saved")) ?></div>
 <?php } ?>
 
 <form name="membersForm" method="post" action="<?php echo $webimroot ?>/operator/groupmembers.php">
 <?php print_csrf_token_input() ?>
-<input type="hidden" name="gid" value="<?php echo htmlspecialchars($page['groupid']) ?>"/>
+<input type="hidden" name="gid" value="<?php echo safe_htmlspecialchars($page['groupid']) ?>"/>
 	<div>
 <?php print_tabbar(); ?>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
 
 	<p>
-		<b><?php echo htmlspecialchars($page['currentgroup']) ?></b>
+		<b><?php echo safe_htmlspecialchars($page['currentgroup']) ?></b>
 	</p>
 <?php foreach( $page['operators'] as $pm ) { ?>
 	<div class="field">
 		<div class="fvaluenodesc">
-			<input type="checkbox" name="op<?php echo htmlspecialchars($pm['operatorid']) ?>" value="on"<?php echo form_value_mb('op',$pm['operatorid']) ? " checked=\"checked\"" : "" ?>/>
-			<?php echo htmlspecialchars(topage($pm['vclocalename'])) ?> (<a href="operator.php?op=<?php echo urlencode($pm['operatorid']) ?>"
-				><?php echo htmlspecialchars(topage($pm['vclogin'])) ?></a>)
+			<input type="checkbox" name="op<?php echo safe_htmlspecialchars($pm['operatorid']) ?>" value="on"<?php echo form_value_mb('op',$pm['operatorid']) ? " checked=\"checked\"" : "" ?>/>
+			<?php echo safe_htmlspecialchars(topage($pm['vclocalename'])) ?> (<a href="operator.php?op=<?php echo urlencode($pm['operatorid']) ?>"
+				><?php echo safe_htmlspecialchars(topage($pm['vclogin'])) ?></a>)
 		</div>
 	</div>
 <?php } ?>
 
 	<div class="fbutton">
-		<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
+		<input type="image" name="save" value="" src="<?php echo $webimroot . safe_htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo safe_htmlspecialchars(getlocal("button.save")) ?>"/>
 	</div>
 
 	</div><div class="formbottom"><div class="formbottomi"></div></div></div>
diff --git a/src/messenger/webim/view/groups.php b/src/messenger/webim/view/groups.php
index 12d2b47e..8f24ba23 100644
--- a/src/messenger/webim/view/groups.php
+++ b/src/messenger/webim/view/groups.php
@@ -68,12 +68,12 @@ if(count($page['groups']) > 0) {
 	foreach( $page['groups'] as $grp ) { ?>
 <tr>
 	<td class="notlast">
-		<a href="<?php echo $webimroot ?>/operator/group.php?gid=<?php echo urlencode($grp['groupid']) ?>" id="ti<?php echo htmlspecialchars($grp['groupid']) ?>" class="man">
-			<?php echo htmlspecialchars(topage($grp['vclocalname'])) ?>
+		<a href="<?php echo $webimroot ?>/operator/group.php?gid=<?php echo urlencode($grp['groupid']) ?>" id="ti<?php echo safe_htmlspecialchars($grp['groupid']) ?>" class="man">
+			<?php echo safe_htmlspecialchars(topage($grp['vclocalname'])) ?>
 		</a>
 	</td>
 	<td class="notlast">
-		<?php echo $grp['vclocaldescription'] ? htmlspecialchars(topage($grp['vclocaldescription'])) : "&lt;none&gt;" ?>
+		<?php echo $grp['vclocaldescription'] ? safe_htmlspecialchars(topage($grp['vclocaldescription'])) : "&lt;none&gt;" ?>
 	</td>
 	<td class="notlast">
 <?php if(is_online($grp)) { ?>
@@ -86,12 +86,12 @@ if(count($page['groups']) > 0) {
 	</td>
 	<td>
 		<a href="<?php echo $webimroot ?>/operator/groupmembers.php?gid=<?php echo urlencode($grp['groupid']) ?>">
-			<?php echo htmlspecialchars(topage($grp['inumofagents'])) ?>
+			<?php echo safe_htmlspecialchars(topage($grp['inumofagents'])) ?>
 		</a>
 	</td>
 <?php if($page['canmodify']) { ?>
 	<td>
-		<a href="<?php echo $webimroot ?>/operator/groups.php?act=del&amp;gid=<?php echo urlencode($grp['groupid']) ?><?php print_csrf_token_in_url() ?>" id="i<?php echo htmlspecialchars($grp['groupid']) ?>" class="removelink">
+		<a href="<?php echo $webimroot ?>/operator/groups.php?act=del&amp;gid=<?php echo urlencode($grp['groupid']) ?><?php print_csrf_token_in_url() ?>" id="i<?php echo safe_htmlspecialchars($grp['groupid']) ?>" class="removelink">
 			remove
 		</a>
 	</td>
diff --git a/src/messenger/webim/view/inc_locales.php b/src/messenger/webim/view/inc_locales.php
index 284adb11..4b6cc31e 100644
--- a/src/messenger/webim/view/inc_locales.php
+++ b/src/messenger/webim/view/inc_locales.php
@@ -28,7 +28,7 @@ function tpl_menu() { global $page, $webimroot, $errors, $current_locale;
 				<h2><b><?php echo getlocal("lang.choose") ?></b></h2>
 				<ul class="locales">
 <?php foreach($page['localeLinks'] as $id => $title) { ?>
-					<li<?php menuloc($id)?> ><a href="?locale=<?php echo urlencode($id) ?>"><?php echo htmlspecialchars($title) ?></a></li>
+					<li<?php menuloc($id)?> ><a href="?locale=<?php echo urlencode($id) ?>"><?php echo safe_htmlspecialchars($title) ?></a></li>
 <?php } ?>
 				</ul>
 			</li>
diff --git a/src/messenger/webim/view/inc_main.php b/src/messenger/webim/view/inc_main.php
index c6ce015a..15be4133 100644
--- a/src/messenger/webim/view/inc_main.php
+++ b/src/messenger/webim/view/inc_main.php
@@ -27,7 +27,7 @@ $isrtl = getlocal("localedirection") == 'rtl';
 		tpl_header();
 ?>
 <title>
-	<?php echo htmlspecialchars($page['title']) ?> - <?php echo getlocal("app.title") ?>
+	<?php echo safe_htmlspecialchars($page['title']) ?> - <?php echo getlocal("app.title") ?>
 </title>
 <link href="<?php echo $webimroot ?>/default.css" rel="stylesheet" type="text/css" />
 <!--[if lte IE 6]><script language="JavaScript" type="text/javascript" src="<?php echo $webimroot ?>/<?php echo jspath() ?>/ie.js"></script><![endif]-->
@@ -37,10 +37,10 @@ $isrtl = getlocal("localedirection") == 'rtl';
 	<div id="header">
 		<div id="title">
 			<h1><img src="<?php echo $webimroot ?>/images/logo.gif" alt="" width="32" height="32" class="left" />
-				<a href="#"><?php echo isset($page['headertitle']) ? htmlspecialchars($page['headertitle']) : htmlspecialchars($page['title']) ?></a></h1>
+				<a href="#"><?php echo isset($page['headertitle']) ? safe_htmlspecialchars($page['headertitle']) : safe_htmlspecialchars($page['title']) ?></a></h1>
 		</div>
 <?php if(isset($page) && isset($page['operator'])) { ?>
-		<div id="path"><p><?php echo getlocal2("menu.operator",array(htmlspecialchars($page['operator']))) ?></p></div>
+		<div id="path"><p><?php echo getlocal2("menu.operator",array(safe_htmlspecialchars($page['operator']))) ?></p></div>
 <?php } else if(isset($page) && isset($page['show_small_login'])) { ?>
 		<div id="loginsmallpane">
 			<form name="smallLogin" method="post" action="<?php echo $webimroot ?>/operator/login.php">
@@ -83,7 +83,7 @@ $isrtl = getlocal("localedirection") == 'rtl';
 	<div class="empty_inner" style="">&#160;</div>
 </div>
 <div id="footer">
-	<p id="legal"><a href="http://mibew.org/" target="_blank" class="flink">Mibew Messenger</a> <?php echo htmlspecialchars($version) ?> | (c) 2011-2013 mibew.org</p>
+	<p id="legal"><a href="http://mibew.org/" target="_blank" class="flink">Mibew Messenger</a> <?php echo safe_htmlspecialchars($version) ?> | (c) 2011-2013 mibew.org</p>
 </div>
 </body>
 </html>
\ No newline at end of file
diff --git a/src/messenger/webim/view/inc_tabbar.php b/src/messenger/webim/view/inc_tabbar.php
index c13eba6e..a10fe2d2 100644
--- a/src/messenger/webim/view/inc_tabbar.php
+++ b/src/messenger/webim/view/inc_tabbar.php
@@ -25,8 +25,8 @@ function print_tabbar($maxwidth = 4) {
 		$tabbar2 = array();
 		for($i = 0; $i < $len; $i++) {
 			$tabbar2[] = $i != $selected
-				? "<li><a href=\"" . htmlspecialchars($tabbar[$i]['link']) . "\">" . htmlspecialchars($tabbar[$i]['title']) . "</a></li>\n"
-				: "<li class=\"active\"><a href=\"#\">" . htmlspecialchars($tabbar[$i]['title']) . "</a></li>\n";
+				? "<li><a href=\"" . safe_htmlspecialchars($tabbar[$i]['link']) . "\">" . safe_htmlspecialchars($tabbar[$i]['title']) . "</a></li>\n"
+				: "<li class=\"active\"><a href=\"#\">" . safe_htmlspecialchars($tabbar[$i]['title']) . "</a></li>\n";
 		}
 
 		if($len > $maxwidth) { // && $len - $selected > $maxwidth
diff --git a/src/messenger/webim/view/login.php b/src/messenger/webim/view/login.php
index 79be7fdf..0ce87670 100644
--- a/src/messenger/webim/view/login.php
+++ b/src/messenger/webim/view/login.php
@@ -72,7 +72,7 @@ require_once('inc_errors.php');
 		</div>
 
 		<div class="fbutton">
-			<input type="image" name="login" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.login")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.enter")) ?>"/>
+			<input type="image" name="login" src="<?php echo $webimroot . safe_htmlspecialchars(getlocal("image.button.login")) ?>" alt="<?php echo safe_htmlspecialchars(getlocal("button.enter")) ?>"/>
 
 			<div class="links">
 				<a href="<?php echo $webimroot ?>/operator/restore.php"><?php echo getlocal("restore.pwd.message") ?></a><br/>
diff --git a/src/messenger/webim/view/menu.php b/src/messenger/webim/view/menu.php
index 9b14c9b5..b50f10c6 100644
--- a/src/messenger/webim/view/menu.php
+++ b/src/messenger/webim/view/menu.php
@@ -40,13 +40,13 @@ function tpl_content() { global $page, $webimroot, $current_locale, $menuItemsCo
 <br/>
 
 <?php if( $page['needChangePassword'] ) { ?>
-<div id="formmessage"><?php echo getlocal("error.no_password") ?> <?php echo getlocal2("error.no_password.visit_profile", array(htmlspecialchars($page['profilePage']))) ?></div>
+<div id="formmessage"><?php echo getlocal("error.no_password") ?> <?php echo getlocal2("error.no_password.visit_profile", array(safe_htmlspecialchars($page['profilePage']))) ?></div>
 <br/>
 <?php } else if( $page['needUpdate'] ) { ?>
-<div id="formmessage"><?php echo getlocal2("install.updatedb",array(htmlspecialchars($page['updateWizard']))) ?></div>
+<div id="formmessage"><?php echo getlocal2("install.updatedb",array(safe_htmlspecialchars($page['updateWizard']))) ?></div>
 <br/>
-<?php } else if($page['newFeatures']) { ?>
-<div><div id="formmessage"><?php echo getlocal2("install.newfeatures",array(htmlspecialchars($page['featuresPage'], $version))) ?></div></div>
+<?php } else if($page['newFeatures'] ) { ?>
+<div><div id="formmessage"><?php echo getlocal2("install.newfeatures",array(safe_htmlspecialchars($page['featuresPage']), safe_htmlspecialchars($version))) ?></div></div>
 <br/>
 <?php } ?>
 
@@ -188,7 +188,7 @@ $menuItemsCount = 2;
 	<b><?php echo getlocal("lang.choose") ?></b></h2>
 	<ul class="locales">
 <?php foreach($page['localeLinks'] as $id => $title) { ?>
-		<li<?php echo $current_locale == $id ? " class=\"active\"" : "" ?> ><a href="?locale=<?php echo urlencode($id) ?>"><?php echo htmlspecialchars($title) ?></a></li>
+		<li<?php echo $current_locale == $id ? " class=\"active\"" : "" ?> ><a href="?locale=<?php echo urlencode($id) ?>"><?php echo safe_htmlspecialchars($title) ?></a></li>
 <?php } ?>
 	</ul>
 </div>
diff --git a/src/messenger/webim/view/notification.php b/src/messenger/webim/view/notification.php
index 1bf31b05..18037a9c 100644
--- a/src/messenger/webim/view/notification.php
+++ b/src/messenger/webim/view/notification.php
@@ -32,7 +32,7 @@ $notification = $page['notification'];
 			<?php echo getlocal("notification.label.to") ?>:
 		</div> 
 		<div class="wvalue">
-			<?php echo topage(htmlspecialchars($notification['vcto'])) ?>
+			<?php echo topage(safe_htmlspecialchars($notification['vcto'])) ?>
 		</div>
 		<br clear="all"/>
 
@@ -48,7 +48,7 @@ $notification = $page['notification'];
 			<?php echo getlocal("notification.label.subj") ?>:
 		</div>
 		<div class="wvalue">
-			<?php echo topage(htmlspecialchars($notification['vcsubject'])) ?>
+			<?php echo topage(safe_htmlspecialchars($notification['vcsubject'])) ?>
 		</div>
 		<br clear="all"/>
 </div>
diff --git a/src/messenger/webim/view/notifications.php b/src/messenger/webim/view/notifications.php
index bafebf46..fc92da26 100644
--- a/src/messenger/webim/view/notifications.php
+++ b/src/messenger/webim/view/notifications.php
@@ -49,7 +49,7 @@ require_once('inc_errors.php');
 		<?php echo getlocal("notifications.kind") ?><br/>
 		<select name="kind" onchange="this.form.submit();"><?php
 			foreach($page['allkinds'] as $k) {
-				echo "<option value=\"".htmlspecialchars($k)."\"".($k == form_value("kind") ? " selected=\"selected\"" : "").">".getlocal("notifications.kind.".($k ? $k : "all"))."</option>";
+				echo "<option value=\"".safe_htmlspecialchars($k)."\"".($k == form_value("kind") ? " selected=\"selected\"" : "").">".getlocal("notifications.kind.".($k ? $k : "all"))."</option>";
 			} ?></select>
 	</div>
 
@@ -57,7 +57,7 @@ require_once('inc_errors.php');
 		<?php echo getlocal("notifications.locale") ?><br/>
 		<select name="lang" onchange="this.form.submit();"><?php
 			foreach($page['locales'] as $k) {
-				echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("lang") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
+				echo "<option value=\"" . safe_htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("lang") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k["name"]) . "</option>";
 			} ?></select>
 	</div>
 
@@ -90,14 +90,14 @@ if( $page['pagination.items'] ) {
 	<tr>
 	<td class="notlast">
 		<a href="<?php echo $webimroot ?>/operator/notification.php?id=<?php echo urlencode($b['id']) ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/notification.php?id=<?php echo urlencode($b['id']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;" class="<?php echo $b['vckind'] == 'xmpp' ? 'xmpp' : 'mail' ?>">
-			<?php echo htmlspecialchars(shorten(topage($b['vcto']),30)) ?>
+			<?php echo safe_htmlspecialchars(shorten(topage($b['vcto']),30)) ?>
 		</a>
 	</td>
 	<td class="notlast">
-		<?php echo htmlspecialchars(shorten(topage($b['vcsubject']),30)) ?>
+		<?php echo safe_htmlspecialchars(shorten(topage($b['vcsubject']),30)) ?>
 	</td>
 	<td class="notlast">
-		<?php echo htmlspecialchars(shorten(topage($b['tmessage']),30)) ?>
+		<?php echo safe_htmlspecialchars(shorten(topage($b['tmessage']),30)) ?>
 	</td>
 	<td>
 		<?php echo date_to_text($b['created']) ?>
diff --git a/src/messenger/webim/view/operator_groups.php b/src/messenger/webim/view/operator_groups.php
index 92004640..2a68a686 100644
--- a/src/messenger/webim/view/operator_groups.php
+++ b/src/messenger/webim/view/operator_groups.php
@@ -36,28 +36,28 @@ require_once('inc_errors.php');
 
 <form name="opgroupsForm" method="post" action="<?php echo $webimroot ?>/operator/opgroups.php">
 <?php print_csrf_token_input() ?>
-<input type="hidden" name="op" value="<?php echo htmlspecialchars($page['opid']) ?>"/>
+<input type="hidden" name="op" value="<?php echo safe_htmlspecialchars($page['opid']) ?>"/>
 	<div>
 <?php print_tabbar(); ?>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
 
 	<p>
-		<b><?php echo htmlspecialchars($page['currentop']) ?>&lrm;</b>
+		<b><?php echo safe_htmlspecialchars($page['currentop']) ?>&lrm;</b>
 	</p>
 <?php foreach( $page['groups'] as $pm ) { ?>
 	<div class="field">
-		<div class="flabel"><?php echo htmlspecialchars(topage($pm['vclocalname'])) ?></div>
+		<div class="flabel"><?php echo safe_htmlspecialchars(topage($pm['vclocalname'])) ?></div>
 		<div class="fvalue">
-			<input type="checkbox" name="group<?php echo htmlspecialchars($pm['groupid']) ?>" value="on"<?php echo form_value_mb('group',$pm['groupid']) ? " checked=\"checked\"" : "" ?><?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/>
+			<input type="checkbox" name="group<?php echo safe_htmlspecialchars($pm['groupid']) ?>" value="on"<?php echo form_value_mb('group',$pm['groupid']) ? " checked=\"checked\"" : "" ?><?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/>
 		</div>
-		<div class="fdescr"> &mdash; <?php echo $pm['vclocaldescription'] ? htmlspecialchars(topage($pm['vclocaldescription'])) : getlocal("operator.group.no_description") ?></div>
+		<div class="fdescr"> &mdash; <?php echo $pm['vclocaldescription'] ? safe_htmlspecialchars(topage($pm['vclocaldescription'])) : getlocal("operator.group.no_description") ?></div>
 		<br clear="all"/>
 	</div>
 <?php } ?>
 
 <?php if($page['canmodify']) { ?>
 	<div class="fbutton">
-		<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
+		<input type="image" name="save" value="" src="<?php echo $webimroot . safe_htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo safe_htmlspecialchars(getlocal("button.save")) ?>"/>
 	</div>
 <?php } ?>
 	</div><div class="formbottom"><div class="formbottomi"></div></div></div>
diff --git a/src/messenger/webim/view/pending_users.php b/src/messenger/webim/view/pending_users.php
index 45bf188f..66b67916 100644
--- a/src/messenger/webim/view/pending_users.php
+++ b/src/messenger/webim/view/pending_users.php
@@ -25,17 +25,17 @@ function tpl_header() { global $page, $webimroot, $jsver;
 <script type="text/javascript" language="javascript" src="<?php echo $webimroot ?>/js/<?php echo $jsver ?>/common.js"></script>
 <script type="text/javascript" language="javascript"><!--
 var localized = new Array(
-    "<?php echo htmlspecialchars(getlocal("pending.table.speak")) ?>",
-    "<?php echo htmlspecialchars(getlocal("pending.table.view")) ?>",
-    "<?php echo htmlspecialchars(getlocal("pending.table.ban")) ?>",
-    "<?php echo htmlspecialchars(getlocal("pending.menu.show")) ?>",
-    "<?php echo htmlspecialchars(getlocal("pending.menu.hide")) ?>",
-    "<?php echo htmlspecialchars(getlocal("pending.popup_notification")) ?>"
+    "<?php echo safe_htmlspecialchars(getlocal("pending.table.speak")) ?>",
+    "<?php echo safe_htmlspecialchars(getlocal("pending.table.view")) ?>",
+    "<?php echo safe_htmlspecialchars(getlocal("pending.table.ban")) ?>",
+    "<?php echo safe_htmlspecialchars(getlocal("pending.menu.show")) ?>",
+    "<?php echo safe_htmlspecialchars(getlocal("pending.menu.hide")) ?>",
+    "<?php echo safe_htmlspecialchars(getlocal("pending.popup_notification")) ?>"
 );
 var updaterOptions = {
 	url:"<?php echo $webimroot ?>/operator/update.php",wroot:"<?php echo $webimroot ?>",
-	agentservl:"<?php echo $webimroot ?>/operator/agent.php", frequency:<?php echo htmlspecialchars($page['frequency']) ?>, istatus:<?php echo htmlspecialchars($page['istatus']) ?>,
-	noclients:"<?php echo htmlspecialchars(getlocal("clients.no_clients")) ?>", havemenu: <?php echo htmlspecialchars($page['havemenu']) ?>, showpopup: <?php echo htmlspecialchars($page['showpopup']) ?>, showonline: <?php echo htmlspecialchars($page['showonline']) ?> };
+	agentservl:"<?php echo $webimroot ?>/operator/agent.php", frequency:<?php echo safe_htmlspecialchars($page['frequency']) ?>, istatus:<?php echo safe_htmlspecialchars($page['istatus']) ?>,
+	noclients:"<?php echo safe_htmlspecialchars(getlocal("clients.no_clients")) ?>", havemenu: <?php echo safe_htmlspecialchars($page['havemenu']) ?>, showpopup: <?php echo safe_htmlspecialchars($page['showpopup']) ?>, showonline: <?php echo safe_htmlspecialchars($page['showonline']) ?> };
 //--></script>
 <script type="text/javascript" language="javascript" src="<?php echo $webimroot ?>/js/<?php echo $jsver ?>/users.js"></script>
 <?php
diff --git a/src/messenger/webim/view/performance.php b/src/messenger/webim/view/performance.php
index 2ab6b9af..61ee334d 100644
--- a/src/messenger/webim/view/performance.php
+++ b/src/messenger/webim/view/performance.php
@@ -96,7 +96,7 @@ require_once('inc_errors.php');
 		</div>
 		
 		<div class="fbutton">
-			<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
+			<input type="image" name="save" value="" src="<?php echo $webimroot . safe_htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo safe_htmlspecialchars(getlocal("button.save")) ?>"/>
 		</div>
 
 	</div>
diff --git a/src/messenger/webim/view/permissions.php b/src/messenger/webim/view/permissions.php
index 7ceda0e5..b2a5a4e7 100644
--- a/src/messenger/webim/view/permissions.php
+++ b/src/messenger/webim/view/permissions.php
@@ -36,24 +36,24 @@ require_once('inc_errors.php');
 
 <form name="permissionsForm" method="post" action="<?php echo $webimroot ?>/operator/permissions.php">
 <?php print_csrf_token_input() ?>
-<input type="hidden" name="op" value="<?php echo htmlspecialchars($page['opid']) ?>"/>
+<input type="hidden" name="op" value="<?php echo safe_htmlspecialchars($page['opid']) ?>"/>
 	<div>
 <?php print_tabbar(); ?>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
 
 	<p>
-		<b><?php echo htmlspecialchars($page['currentop']) ?>&lrm;</b>
+		<b><?php echo safe_htmlspecialchars($page['currentop']) ?>&lrm;</b>
 	</p>
 <?php foreach( $page['permissionsList'] as $pm ) { ?>
 	<label>
-		<input type="checkbox" name="permissions<?php echo htmlspecialchars($pm['id']) ?>" value="on"<?php echo form_value_mb('permissions',$pm['id']) ? " checked=\"checked\"" : "" ?><?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/> <?php echo htmlspecialchars($pm['descr']) ?>
+		<input type="checkbox" name="permissions<?php echo safe_htmlspecialchars($pm['id']) ?>" value="on"<?php echo form_value_mb('permissions',$pm['id']) ? " checked=\"checked\"" : "" ?><?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/> <?php echo safe_htmlspecialchars($pm['descr']) ?>
 	</label>
 	<br/>
 <?php } ?>
 
 <?php if($page['canmodify']) { ?>
 	<div class="fbutton">
-		<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
+		<input type="image" name="save" value="" src="<?php echo $webimroot . safe_htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo safe_htmlspecialchars(getlocal("button.save")) ?>"/>
 	</div>
 <?php } ?>
 	</div><div class="formbottom"><div class="formbottomi"></div></div></div>
diff --git a/src/messenger/webim/view/resetpwd.php b/src/messenger/webim/view/resetpwd.php
index 50777eb2..d1998825 100644
--- a/src/messenger/webim/view/resetpwd.php
+++ b/src/messenger/webim/view/resetpwd.php
@@ -46,8 +46,8 @@ function tpl_content() {
 ?>
 
 <form name="resetForm" method="post" action="<?php echo $webimroot ?>/operator/resetpwd.php">
-<input type="hidden" name="id" value="<?php echo htmlspecialchars($page['id']) ?>"/>
-<input type="hidden" name="token" value="<?php echo htmlspecialchars($page['token']) ?>"/>
+<input type="hidden" name="id" value="<?php echo safe_htmlspecialchars($page['id']) ?>"/>
+<input type="hidden" name="token" value="<?php echo safe_htmlspecialchars($page['token']) ?>"/>
 
 	<div id="loginpane">
 
diff --git a/src/messenger/webim/view/settings.php b/src/messenger/webim/view/settings.php
index 914bb107..df3bcf41 100644
--- a/src/messenger/webim/view/settings.php
+++ b/src/messenger/webim/view/settings.php
@@ -116,7 +116,7 @@ require_once('inc_errors.php');
 		<div class="field">
 			<div class="flabel"><?php echo getlocal('settings.chatstyle') ?></div>
 			<div class="fvalue">
-				<select name="chatstyle" ><?php foreach($page['availableStyles'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("chatstyle") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
+				<select name="chatstyle" ><?php foreach($page['availableStyles'] as $k) { echo "<option value=\"" . safe_htmlspecialchars($k) . "\"".($k == form_value("chatstyle") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k) . "</option>"; } ?></select>
 			</div>
 			<div class="fdescr"> &mdash; <?php echo getlocal('settings.chatstyle.description') ?></div>
 			<br clear="all"/>
@@ -133,7 +133,7 @@ require_once('inc_errors.php');
 		</div>
 
 		<div class="fbutton">
-			<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
+			<input type="image" name="save" value="" src="<?php echo $webimroot . safe_htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo safe_htmlspecialchars(getlocal("button.save")) ?>"/>
 		</div>
 
 	</div>
diff --git a/src/messenger/webim/view/statistics.php b/src/messenger/webim/view/statistics.php
index 5e3ead84..e82ea643 100644
--- a/src/messenger/webim/view/statistics.php
+++ b/src/messenger/webim/view/statistics.php
@@ -39,18 +39,18 @@ require_once('inc_errors.php');
 			<div class="fvaluenodesc">
 				<div class="searchctrl">
 					<?php echo getlocal("statistics.from") ?>
-					<select name="startday"><?php foreach($page['availableDays'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("startday") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
+					<select name="startday"><?php foreach($page['availableDays'] as $k) { echo "<option value=\"" . safe_htmlspecialchars($k) . "\"".($k == form_value("startday") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k) . "</option>"; } ?></select>
 
-					<select name="startmonth"><?php foreach($page['availableMonth'] as $k => $v) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("startmonth") ? " selected=\"selected\"" : "").">" . htmlspecialchars($v) . "</option>"; } ?></select>
+					<select name="startmonth"><?php foreach($page['availableMonth'] as $k => $v) { echo "<option value=\"" . safe_htmlspecialchars($k) . "\"".($k == form_value("startmonth") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($v) . "</option>"; } ?></select>
 				</div>
 				<div class="searchctrl">
 					<?php echo getlocal("statistics.till") ?>
-					<select name="endday"><?php foreach($page['availableDays'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("endday") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
+					<select name="endday"><?php foreach($page['availableDays'] as $k) { echo "<option value=\"" . safe_htmlspecialchars($k) . "\"".($k == form_value("endday") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k) . "</option>"; } ?></select>
 
-					<select name="endmonth"><?php foreach($page['availableMonth'] as $k => $v) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("endmonth") ? " selected=\"selected\"" : "").">" . htmlspecialchars($v) . "</option>"; } ?></select>
+					<select name="endmonth"><?php foreach($page['availableMonth'] as $k => $v) { echo "<option value=\"" . safe_htmlspecialchars($k) . "\"".($k == form_value("endmonth") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($v) . "</option>"; } ?></select>
 				</div>
 				<div id="searchbutton">
-					<input type="image" name="search" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.search")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.search")) ?>"/>
+					<input type="image" name="search" src="<?php echo $webimroot . safe_htmlspecialchars(getlocal("image.button.search")) ?>" alt="<?php echo safe_htmlspecialchars(getlocal("button.search")) ?>"/>
 				</div>
 			</div>
 			<br clear="all"/>
@@ -84,17 +84,17 @@ require_once('inc_errors.php');
 <?php if( $page['reportByDate'] ) { ?>
 	<?php foreach( $page['reportByDate'] as $row ) { ?>
 	<tr>
-		<td><?php echo htmlspecialchars($row['date']) ?></td>
-		<td><?php echo htmlspecialchars($row['threads']) ?></td>
-		<td><?php echo htmlspecialchars($row['agents']) ?></td>
-		<td><?php echo htmlspecialchars($row['users']) ?></td>
+		<td><?php echo safe_htmlspecialchars($row['date']) ?></td>
+		<td><?php echo safe_htmlspecialchars($row['threads']) ?></td>
+		<td><?php echo safe_htmlspecialchars($row['agents']) ?></td>
+		<td><?php echo safe_htmlspecialchars($row['users']) ?></td>
 	</tr>
 	<?php } ?>
 	<tr>
 		<td><b><?php echo getlocal("report.total") ?></b></td>
-		<td><?php echo htmlspecialchars($page['reportByDateTotal']['threads']) ?></td>
-		<td><?php echo htmlspecialchars($page['reportByDateTotal']['agents']) ?></td>
-		<td><?php echo htmlspecialchars($page['reportByDateTotal']['users']) ?></td>
+		<td><?php echo safe_htmlspecialchars($page['reportByDateTotal']['threads']) ?></td>
+		<td><?php echo safe_htmlspecialchars($page['reportByDateTotal']['agents']) ?></td>
+		<td><?php echo safe_htmlspecialchars($page['reportByDateTotal']['users']) ?></td>
 	</tr>
 <?php } else { ?>
 	<tr>
@@ -126,10 +126,10 @@ require_once('inc_errors.php');
 <?php if( $page['reportByAgent'] ) { ?>
 	<?php foreach( $page['reportByAgent'] as $row ) { ?>
 	<tr>
-		<td><?php echo topage(htmlspecialchars($row['name'])) ?></td>
-		<td><?php echo htmlspecialchars($row['threads']) ?></td>
-		<td><?php echo htmlspecialchars($row['msgs']) ?></td>
-		<td><?php echo htmlspecialchars($row['avglen']) ?></td>
+		<td><?php echo topage(safe_htmlspecialchars($row['name'])) ?></td>
+		<td><?php echo safe_htmlspecialchars($row['threads']) ?></td>
+		<td><?php echo safe_htmlspecialchars($row['msgs']) ?></td>
+		<td><?php echo safe_htmlspecialchars($row['avglen']) ?></td>
 	</tr>
 	<?php } ?>
 <?php } else { ?>
diff --git a/src/messenger/webim/view/themes.php b/src/messenger/webim/view/themes.php
index f0d42ebe..9b1a2895 100644
--- a/src/messenger/webim/view/themes.php
+++ b/src/messenger/webim/view/themes.php
@@ -37,13 +37,13 @@ function tpl_content() { global $page, $webimroot;
 		<div class="field">
 			<div class="flabel"><?php echo getlocal("page.preview.choose") ?></div>
 			<div class="fvaluenodesc">
-				<select name="preview" onchange="this.form.submit();"><?php foreach($page['availablePreviews'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("preview") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
+				<select name="preview" onchange="this.form.submit();"><?php foreach($page['availablePreviews'] as $k) { echo "<option value=\"" . safe_htmlspecialchars($k) . "\"".($k == form_value("preview") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k) . "</option>"; } ?></select>
 			</div>
 		</div>
 		<div class="field">
 			<div class="flabel"><?php echo getlocal("page.preview.choosetpl") ?></div>
 			<div class="fvaluenodesc">
-				<select name="template" onchange="this.form.submit();"><?php foreach($page['availableTemplates'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("template") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
+				<select name="template" onchange="this.form.submit();"><?php foreach($page['availableTemplates'] as $k) { echo "<option value=\"" . safe_htmlspecialchars($k) . "\"".($k == form_value("template") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k) . "</option>"; } ?></select>
 			</div>
 		</div>
 <?php if( $page['canshowerrors'] ) { ?>
@@ -57,11 +57,11 @@ function tpl_content() { global $page, $webimroot;
 <?php foreach( $page['previewList'] as $pp ) { ?>
 		<div class="field">
 			<div class="flabel">
-			<?php echo htmlspecialchars($pp['label']) ?>
-			<a href="<?php echo htmlspecialchars($page['showlink']) ?><?php echo htmlspecialchars($pp['id']) ?>" target="_blank" title="in separate window" onclick="this.newWindow = window.open('<?php echo htmlspecialchars($page['showlink']) ?><?php echo htmlspecialchars($pp['id']) ?>', '<?php echo htmlspecialchars($pp['id']) ?>', 'toolbar=0,scrollbars=0,location=0,statusbar=1,menubar=0,width=<?php echo htmlspecialchars($pp['w']) ?>,height=<?php echo htmlspecialchars($pp['h']) ?>,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;">link</a>
+			<?php echo safe_htmlspecialchars($pp['label']) ?>
+			<a href="<?php echo safe_htmlspecialchars($page['showlink']) ?><?php echo safe_htmlspecialchars($pp['id']) ?>" target="_blank" title="in separate window" onclick="this.newWindow = window.open('<?php echo safe_htmlspecialchars($page['showlink']) ?><?php echo safe_htmlspecialchars($pp['id']) ?>', '<?php echo safe_htmlspecialchars($pp['id']) ?>', 'toolbar=0,scrollbars=0,location=0,statusbar=1,menubar=0,width=<?php echo safe_htmlspecialchars($pp['w']) ?>,height=<?php echo safe_htmlspecialchars($pp['h']) ?>,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;">link</a>
 			</div>
 			<div class="fvalueframe">
-			<iframe id="sample<?php echo htmlspecialchars($pp['id']) ?>" width="<?php echo htmlspecialchars($pp['w']) ?>" height="<?php echo htmlspecialchars($pp['h']) ?>" src="<?php echo $page['showlink'] ?><?php echo htmlspecialchars($pp['id']) ?>" frameborder="0" scrolling="no">
+			<iframe id="sample<?php echo safe_htmlspecialchars($pp['id']) ?>" width="<?php echo safe_htmlspecialchars($pp['w']) ?>" height="<?php echo safe_htmlspecialchars($pp['h']) ?>" src="<?php echo $page['showlink'] ?><?php echo safe_htmlspecialchars($pp['id']) ?>" frameborder="0" scrolling="no">
 				No iframes
 			</iframe>
 			</div>
diff --git a/src/messenger/webim/view/thread_log.php b/src/messenger/webim/view/thread_log.php
index 744a5737..95489ef7 100644
--- a/src/messenger/webim/view/thread_log.php
+++ b/src/messenger/webim/view/thread_log.php
@@ -32,7 +32,7 @@ $chatthread = $page['thread'];
 			<?php echo getlocal("page.analysis.search.head_name") ?>:
 		</div> 
 		<div class="wvalue">
-			<?php echo topage(htmlspecialchars($chatthread['userName'])) ?>
+			<?php echo topage(safe_htmlspecialchars($chatthread['userName'])) ?>
 		</div>
 		<br clear="all"/>
 		
@@ -57,7 +57,7 @@ $chatthread = $page['thread'];
 				<?php echo getlocal("page.analysis.search.head_group") ?>:
 			</div>
 			<div class="wvalue">
-				<?php echo topage(htmlspecialchars($chatthread['groupName'])) ?>
+				<?php echo topage(safe_htmlspecialchars($chatthread['groupName'])) ?>
 			</div>
 			<br clear="all"/>
 		<?php } ?>
@@ -67,7 +67,7 @@ $chatthread = $page['thread'];
 				<?php echo getlocal("page.analysis.search.head_operator") ?>:
 			</div>
 			<div class="wvalue">
-				<?php echo topage(htmlspecialchars($chatthread['agentName'])) ?>
+				<?php echo topage(safe_htmlspecialchars($chatthread['agentName'])) ?>
 			</div>
 			<br clear="all"/>
 		<?php } ?>
diff --git a/src/messenger/webim/view/thread_search.php b/src/messenger/webim/view/thread_search.php
index 55016e62..82a57e14 100644
--- a/src/messenger/webim/view/thread_search.php
+++ b/src/messenger/webim/view/thread_search.php
@@ -37,7 +37,7 @@ function tpl_content() { global $page, $webimroot;
 					<input type="text" name="q" size="80" value="<?php echo form_value('q') ?>" class="formauth"/>
 				</div>
 				<div id="searchbutton">
-					<input type="image" name="search" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.search")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.search")) ?>"/>
+					<input type="image" name="search" src="<?php echo $webimroot . safe_htmlspecialchars(getlocal("image.button.search")) ?>" alt="<?php echo safe_htmlspecialchars(getlocal("button.search")) ?>"/>
 				</div>
 			</div>
 			<br clear="all"/>
@@ -72,21 +72,21 @@ if( $page['pagination.items'] ) {
 	foreach( $page['pagination.items'] as $chatthread ) { ?>
 	<tr>
 		<td>
-			<a href="<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo urlencode($chatthread['threadid']) ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo urlencode($chatthread['threadid']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo topage(htmlspecialchars($chatthread['userName'])) ?></a>
+			<a href="<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo urlencode($chatthread['threadid']) ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo urlencode($chatthread['threadid']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo topage(safe_htmlspecialchars($chatthread['userName'])) ?></a>
 		</td>
 		<td>
 		<?php echo get_user_addr(topage($chatthread['remote'])) ?>
 		</td>
 		<td>
 		<?php if( $chatthread['agentName'] ) {
-			echo topage(htmlspecialchars($chatthread['agentName']));
+			echo topage(safe_htmlspecialchars($chatthread['agentName']));
 		} else if($chatthread['groupid'] && $chatthread['groupid'] != 0 && isset($page['groupName'][$chatthread['groupid']])) {
-			echo "- ".topage(htmlspecialchars($page['groupName'][$chatthread['groupid']]))." -";
+			echo "- ".topage(safe_htmlspecialchars($page['groupName'][$chatthread['groupid']]))." -";
 		}
 		?>
 		</td>
 		<td>
-		<?php echo topage(htmlspecialchars($chatthread['size'])) ?>
+		<?php echo topage(safe_htmlspecialchars($chatthread['size'])) ?>
 		</td>
 		<td>
 			<?php echo date_diff_to_text($chatthread['modified']-$chatthread['created']) ?>, <?php echo date_to_text($chatthread['created']) ?>
diff --git a/src/messenger/webim/view/translate.php b/src/messenger/webim/view/translate.php
index 950f6348..73251759 100644
--- a/src/messenger/webim/view/translate.php
+++ b/src/messenger/webim/view/translate.php
@@ -41,27 +41,27 @@ require_once('inc_errors.php');
 
 <form name="translateForm" method="post" action="<?php echo $webimroot ?>/operator/translate.php">
 <?php print_csrf_token_input() ?>
-<input type="hidden" name="key" value="<?php echo htmlspecialchars($page['key']) ?>"/>
-<input type="hidden" name="target" value="<?php echo htmlspecialchars($page['target']) ?>"/>
+<input type="hidden" name="key" value="<?php echo safe_htmlspecialchars($page['key']) ?>"/>
+<input type="hidden" name="target" value="<?php echo safe_htmlspecialchars($page['target']) ?>"/>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
 
 	<div class="fieldForm">
 		<div class="field">
-			<div class="flabel"><?php echo htmlspecialchars($page['title1']) ?></div>
+			<div class="flabel"><?php echo safe_htmlspecialchars($page['title1']) ?></div>
 			<div class="fvaluenodesc">
 				<textarea name="original" disabled="disabled" cols="20" rows="5" class="wide"><?php echo form_value('original') ?></textarea>
 			</div>
 		</div>
 
 		<div class="field">
-			<div class="flabel"><?php echo htmlspecialchars($page['title2']) ?></div>
+			<div class="flabel"><?php echo safe_htmlspecialchars($page['title2']) ?></div>
 			<div class="fvaluenodesc">
 				<textarea name="translation" cols="20" rows="5" class="wide"><?php echo form_value('translation') ?></textarea>
 			</div>
 		</div>
 
 		<div class="fbutton">
-			<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
+			<input type="image" name="save" value="" src="<?php echo $webimroot . safe_htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo safe_htmlspecialchars(getlocal("button.save")) ?>"/>
 		</div>
 	</div>
 
diff --git a/src/messenger/webim/view/translatelist.php b/src/messenger/webim/view/translatelist.php
index 37d84e13..b360986c 100644
--- a/src/messenger/webim/view/translatelist.php
+++ b/src/messenger/webim/view/translatelist.php
@@ -34,12 +34,12 @@ function tpl_content() { global $page, $webimroot;
 		<?php echo getlocal("translate.direction") ?><br/>
 		<select name="source" onchange="this.form.submit();"><?php 
 			foreach($page['availableLocales'] as $k) { 
-				echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("source") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
+				echo "<option value=\"" . safe_htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("source") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k["name"]) . "</option>";
 			} ?></select>
 		=&gt;
 		<select name="target" onchange="this.form.submit();"><?php
 			foreach($page['availableLocales'] as $k) { 
-				echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("target") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
+				echo "<option value=\"" . safe_htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("target") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k["name"]) . "</option>";
 			} ?></select>
 	</div>
 
@@ -47,7 +47,7 @@ function tpl_content() { global $page, $webimroot;
 		<?php echo getlocal("translate.sort") ?><br/>
 		<select name="sort" onchange="this.form.submit();"><?php
 			foreach($page['availableOrders'] as $k) {
-				echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("sort") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
+				echo "<option value=\"" . safe_htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("sort") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k["name"]) . "</option>";
 			} ?></select>
 	</div>
 
@@ -55,7 +55,7 @@ function tpl_content() { global $page, $webimroot;
 		<?php echo getlocal("translate.show") ?><br/>
 		<select name="show" onchange="this.form.submit();"><?php 
 			foreach($page['showOptions'] as $k) { 
-				echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("show") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
+				echo "<option value=\"" . safe_htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("show") ? " selected=\"selected\"" : "").">" . safe_htmlspecialchars($k["name"]) . "</option>";
 			} ?></select>
 	</div>
 
@@ -78,9 +78,9 @@ if( $page['pagination'] ) {
 	<tr class="header"><th>
 		Key
 	</th><th>
-		<?php echo htmlspecialchars(topage($page['title1'])) ?>
+		<?php echo safe_htmlspecialchars(topage($page['title1'])) ?>
 	</th><th>
-		<?php echo htmlspecialchars(topage($page['title2'])) ?>
+		<?php echo safe_htmlspecialchars(topage($page['title2'])) ?>
 	</th></tr>
 </thead>
 <tbody>
@@ -89,7 +89,7 @@ if( $page['pagination.items'] ) {
 	foreach( $page['pagination.items'] as $localstr ) { ?>
 	<tr>
 		<td>
-			<a href="<?php echo $webimroot ?>/operator/translate.php?source=<?php echo urlencode($page['lang1']) ?>&amp;target=<?php echo urlencode($page['lang2']) ?>&amp;key=<?php echo urlencode($localstr['id']) ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/translate.php?source=<?php echo urlencode($page['lang1']) ?>&amp;target=<?php echo urlencode($page['lang2']) ?>&amp;key=<?php echo urlencode($localstr['id']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=640,height=480,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo htmlspecialchars(topage($localstr['id'])) ?></a>
+			<a href="<?php echo $webimroot ?>/operator/translate.php?source=<?php echo urlencode($page['lang1']) ?>&amp;target=<?php echo urlencode($page['lang2']) ?>&amp;key=<?php echo urlencode($localstr['id']) ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/translate.php?source=<?php echo urlencode($page['lang1']) ?>&amp;target=<?php echo urlencode($page['lang2']) ?>&amp;key=<?php echo urlencode($localstr['id']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=640,height=480,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo safe_htmlspecialchars(topage($localstr['id'])) ?></a>
 		</td>
 		<td>
 			<?php echo topage($localstr['l1']) ?>
diff --git a/src/messenger/webim/view/updates.php b/src/messenger/webim/view/updates.php
index 662083cb..6fe0ad2f 100644
--- a/src/messenger/webim/view/updates.php
+++ b/src/messenger/webim/view/updates.php
@@ -41,7 +41,7 @@ function tpl_content() { global $page, $webimroot;
 		</div>
 		
 		<?php echo getlocal("updates.current")?><br/>
-			<div id="cver"><?php echo htmlspecialchars($page['version']) ?></div>
+			<div id="cver"><?php echo safe_htmlspecialchars($page['version']) ?></div>
 
 		<br/>
 
@@ -52,13 +52,13 @@ function tpl_content() { global $page, $webimroot;
 			
 		<?php echo getlocal("updates.installed_locales")?><br/>
 			<?php foreach( $page['localizations'] as $loc ) { ?>
-				<?php echo htmlspecialchars($loc) ?>
+				<?php echo safe_htmlspecialchars($loc) ?>
 			<?php } ?>
 
 		<br/><br/>
 
 		<?php echo getlocal("updates.env")?><br/>
-			PHP <?php echo htmlspecialchars($page['phpVersion']) ?>
+			PHP <?php echo safe_htmlspecialchars($page['phpVersion']) ?>
 
 	</div><div class="formbottom"><div class="formbottomi"></div></div></div>
 </div>
diff --git a/src/messenger/webim/view/userhistory.php b/src/messenger/webim/view/userhistory.php
index fe2d363a..2c2a5eba 100644
--- a/src/messenger/webim/view/userhistory.php
+++ b/src/messenger/webim/view/userhistory.php
@@ -46,13 +46,13 @@ if( $page['pagination.items'] ) {
 	foreach( $page['pagination.items'] as $chatthread ) { ?>
 	<tr>
 		<td>
-			<a href="<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo urlencode($chatthread['threadid']) ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo urlencode($chatthread['threadid']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo topage(htmlspecialchars($chatthread['userName'])) ?></a>
+			<a href="<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo urlencode($chatthread['threadid']) ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo urlencode($chatthread['threadid']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo topage(safe_htmlspecialchars($chatthread['userName'])) ?></a>
 		</td>
 		<td>
 		<?php echo get_user_addr(topage($chatthread['remote'])) ?>
 		</td>
 		<td>
-		<?php if( $chatthread['agentName'] ) { ?><?php echo topage(htmlspecialchars($chatthread['agentName'])) ?><?php } ?>
+		<?php if( $chatthread['agentName'] ) { ?><?php echo topage(safe_htmlspecialchars($chatthread['agentName'])) ?><?php } ?>
 		</td>
 		<td>
 			<?php echo date_diff_to_text($chatthread['modified']-$chatthread['created']) ?>, <?php echo date_to_text($chatthread['created']) ?>