Index: core/admin_templates/tree.tpl
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- core/admin_templates/tree.tpl	(revision 15892)
+++ core/admin_templates/tree.tpl	(revision )
@@ -47,9 +47,9 @@
 		<td colspan="2" style="vertical-align: top; padding: 5px;">
 			<inp2:m_DefineElement name="xml_node" icon_module="">
 				<inp2:m_if check="m_ParamEquals" param="children_count" value="0">
-					<item href="<inp2:m_param name='section_url' js_escape='1'/>" priority="<inp2:m_param name='priority'/>" onclick="<inp2:m_param name='onclick' js_escape='1'/>" icon="<inp2:$SectionPrefix_ModulePath module='$icon_module'/>img/icons/icon24_<inp2:m_param name='icon'/>.png"<inp2:m_if check="m_Param" name="debug_only"> debug_only="1"</inp2:m_if>><inp2:m_phrase name="$label" escape="1"/></item>
+					<item href="<inp2:m_param name='section_url' html_escape='1'/>" priority="<inp2:m_param name='priority' html_escape='1'/>" onclick="<inp2:m_param name='onclick' html_escape='1'/>" icon="<inp2:$SectionPrefix_ModulePath module='$icon_module'/>img/icons/icon24_<inp2:m_param name='icon'/>.png"<inp2:m_if check="m_Param" name="debug_only"> debug_only="1"</inp2:m_if>><inp2:m_phrase name="$label" html_escape="1"/></item>
 				<inp2:m_else/>
-					<folder href="<inp2:m_param name='section_url' js_escape='1'/>" priority="<inp2:m_param name='priority'/>" container="<inp2:m_param name='container'/>" onclick="<inp2:m_param name='onclick' js_escape='1'/>" name="<inp2:m_phrase name='$label' escape='1'/>" icon="<inp2:$SectionPrefix_ModulePath module="$icon_module"/>img/icons/icon24_<inp2:m_param name='icon'/>.png" load_url="<inp2:m_param name='late_load' js_escape='1'/>"<inp2:m_if check="m_Param" name="debug_only"> debug_only="1"</inp2:m_if>><inp2:adm_PrintSections render_as="xml_node" section_name="$section_name"/></folder>
+					<folder href="<inp2:m_param name='section_url' html_escape='1'/>" priority="<inp2:m_param name='priority' html_escape='1'/>" container="<inp2:m_param name='container' html_escape='1'/>" onclick="<inp2:m_param name='onclick' html_escape='1'/>" name="<inp2:m_phrase name='$label' html_escape='1'/>" icon="<inp2:$SectionPrefix_ModulePath module="$icon_module"/>img/icons/icon24_<inp2:m_param name='icon'/>.png" load_url="<inp2:m_param name='late_load' html_escape='1'/>"<inp2:m_if check="m_Param" name="debug_only"> debug_only="1"</inp2:m_if>><inp2:adm_PrintSections render_as="xml_node" section_name="$section_name"/></folder>
 				</inp2:m_if>
 			</inp2:m_DefineElement>
 
@@ -66,11 +66,11 @@
 				};
 
 				<inp2:m_DefineElement name="root_node">
-					var the_tree = new TreeFolder('tree', '<inp2:m_param name="label" js_escape="1"/>', '<inp2:m_param name="section_url" js_escape="1"/>', '<inp2:$SectionPrefix_ModulePath module="$icon_module"/>img/icons/icon24_<inp2:m_param name="icon"/>.png', null, null, '<inp2:m_param name="priority"/>', '<inp2:m_param name="container"/>');
+					var the_tree = new TreeFolder('tree', '<inp2:m_param name="label" js_escape="1"/>', '<inp2:m_param name="section_url" js_escape="1"/>', '<inp2:$SectionPrefix_ModulePath module="$icon_module"/>img/icons/icon24_<inp2:m_param name="icon"/>.png', null, null, '<inp2:m_param name="priority" js_escape='1'/>', '<inp2:m_param name="container" js_escape="1"/>');
 				</inp2:m_DefineElement>
 				<inp2:adm_PrintSection render_as="root_node" section_name="in-portal:root"/>
 
-				the_tree.AddFromXML('<tree><inp2:adm_PrintSections render_as="xml_node" section_name="in-portal:root"/></tree>');
+				the_tree.AddFromXML('<tree><inp2:adm_PrintSections render_as="xml_node" section_name="in-portal:root" js_escape="1"/></tree>');
 
 				<inp2:m_if check="adm_MainFrameLink">
 					var fld = the_tree.locateItemByURL('<inp2:adm_MainFrameLink m_opener="r" no_amp="1"/>');
\ No newline at end of file
Index: core/kernel/processors/main_processor.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- core/kernel/processors/main_processor.php	(revision 15892)
+++ core/kernel/processors/main_processor.php	(revision )
@@ -610,7 +610,8 @@
 		}
 
 		if ( isset($params['escape']) && $params['escape'] ) {
-			$translation = kUtil::escape($translation, kUtil::ESCAPE_HTML . '+' . kUtil::ESCAPE_JS);
+			// html escaping here is redundant
+			$translation = kUtil::escape($translation, kUtil::ESCAPE_JS);
 		}
 
 		return $translation;
Index: core/admin_templates/js/toolbar.js
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- core/admin_templates/js/toolbar.js	(revision 15892)
+++ core/admin_templates/js/toolbar.js	(revision )
@@ -3,10 +3,10 @@
 	this.Title = title || '';
 	this.TranslateLink = false;
 	this.CheckTitleModule();
-	this.Alt = RemoveTranslationLink(alt || '');
+	this.Alt = RemoveTranslationLink(alt || '', false);
 	if (this.Alt != alt) {
 		this.TranslateLink = alt || '';
-		this.TranslateLink = this.TranslateLink.replace(/&lt;a href=&quot;(.*?)&quot;.*&gt;(.*?)&lt;\/a&gt;/g, '$1');
+		this.TranslateLink = this.TranslateLink.replace(/<a href="(.*?)".*>(.*?)<\/a>/g, '$1');
 	}
 
 	if (this.Alt.match(/(.*)::(.*)/)) {
@@ -111,33 +111,28 @@
 }
 
 ToolBarButton.prototype.EditTitle = function() {
-	if (this.TranslateLink !== false && !this.ReadOnly) {
-		var $links = this.TranslateLink;
-
-		$links = $links.split('::');
-		var $i = 0;
-		while ($i < $links.length) {
-			var $link = $links[$i];
-			if ($link.match(/(javascript:|http:\/\/)(.*)/)) {
-				var $link_type = RegExp.$1;
-				$link = RegExp.$2.replace(/&#[0]{0,1}39;/g, '"');
-				if ($link_type == 'javascript:') {
-					eval($link);
+	if ( this.TranslateLink === false || this.ReadOnly ) {
+		return true;
-				}
+	}
-				else {
-					window.location.href = 'http://' + $link;
-				}
 
+	var	$link = '',
+		$links = this.TranslateLink.split('::');
+
-				// edit one phrase at a time
+	// edit one phrase at a time
+	for ( var $i = 0; $i < $links.length; $i++ ) {
+		$link = htmlspecialchars_decode($links[$i]);
+
+		if ( $link.match(/^javascript:(.*)/) ) {
+			eval(RegExp.$1);
-				break;
-			}
+			break;
+		}
-			$i++;
+		else if ( $link.match(/^http:\/\/(.*)/) ) {
+			window.location.href = 'http://' + RegExp.$1;
+			break;
 		}
-
-		return false;
 	}
 
-	return true;
+	return false;
 }
 
 ToolBarButton.prototype.SetOnMouseOver = function() {
Index: core/kernel/languages/phrases_cache.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- core/kernel/languages/phrases_cache.php	(revision 15892)
+++ core/kernel/languages/phrases_cache.php	(revision )
@@ -114,6 +114,7 @@
 					'phrases_label' => '#LABEL#',
 					'phrases_event' => 'OnPreparePhrase',
 					'next_template' => kUtil::escape('external:' . $_SERVER['REQUEST_URI'], kUtil::ESCAPE_URL),
+					'__URLENCODE__' => 1,
 					'pass' => 'm,phrases'
 				);
 
\ No newline at end of file
Index: core/admin_templates/js/script.js
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- core/admin_templates/js/script.js	(revision 15892)
+++ core/admin_templates/js/script.js	(revision )
@@ -961,6 +961,15 @@
 //	$grid.Resize( $grid.GetAutoSize() );
 }
 
+function htmlspecialchars_decode(string) {
+	string = string.toString().replace(/&lt;/g, '<').replace(/&gt;/g, '>');
+	string = string.replace(/&#0*39;/g, "'");
+	string = string.replace(/&quot;/g, '"');
+	string = string.replace(/&amp;/g, '&');
+
+	return string;
+}
+
 function RemoveTranslationLink($string, $escaped) {
 	if ( !isset($escaped) ) $escaped = true;
 
\ No newline at end of file