diff --git a/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java b/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java index db5ec397f..1393238a3 100644 --- a/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java +++ b/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java @@ -159,6 +159,8 @@ public class I2PSnarkServlet extends BasicServlet { // this is the part after /i2psnark String path = req.getServletPath(); resp.setHeader("X-Frame-Options", "SAMEORIGIN"); + resp.setHeader("Content-Security-Policy", "default-src 'self'"); + resp.setHeader("X-XSS-Protection", "1; mode=block"); String peerParam = req.getParameter("p"); String stParam = req.getParameter("st"); @@ -167,9 +169,10 @@ public class I2PSnarkServlet extends BasicServlet { peerParam.replaceAll("[a-zA-Z0-9~=-]", "").length() > 0) { // XSS peerString = ""; } else { - peerString = "?p=" + peerParam; + peerString = "?p=" + DataHelper.stripHTML(peerParam); } if (stParam != null && !stParam.equals("0")) { + stParam = DataHelper.stripHTML(stParam); if (peerString.length() > 0) peerString += "&st=" + stParam; else diff --git a/apps/i2ptunnel/jsp/edit.jsp b/apps/i2ptunnel/jsp/edit.jsp index c61d4de71..bbe562eef 100644 --- a/apps/i2ptunnel/jsp/edit.jsp +++ b/apps/i2ptunnel/jsp/edit.jsp @@ -2,6 +2,8 @@ // NOTE: Do the header carefully so there is no whitespace before the <%@page pageEncoding="UTF-8" %><%@page trimDirectiveWhitespaces="true" diff --git a/apps/i2ptunnel/jsp/editClient.jsp b/apps/i2ptunnel/jsp/editClient.jsp index 6ac65d76f..e612efaa7 100644 --- a/apps/i2ptunnel/jsp/editClient.jsp +++ b/apps/i2ptunnel/jsp/editClient.jsp @@ -52,10 +52,10 @@ input.default { width: 1px; height: 1px; visibility: hidden; } %>
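Review bot: `resp.setHeader("Content-Security-Policy", "default-src 'self'")` on the line after X-Frame-Options forbids inline scripts, inline styles and `on*` handlers, because no `'unsafe-inline'` or nonce source is listed; if any page this servlet renders relies on an inline `<script>`, `onclick` or `style=` attribute (not visible in this hunk), browsers will now refuse to run it, so the rendered pages need to be checked under the new header before release. The identical header is added in index.jsp, wizard.jsp, css.jsi, the susidns pages and WebMail, so one verification pass covers all of them. `X-XSS-Protection` is a legacy, browser-specific filter that is harmless here but should not be counted as a mitigation in place of output encoding. A short comment would record the intent, e.g. `// no inline script/style: every script and stylesheet must be served from this origin`. The enclosing method body continues outside the hunk.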
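Review bot: `stParam = DataHelper.stripHTML(stParam)` is a weaker check than the character whitelist applied to peerParam a few lines above, because stripHTML (per the DataHelper hunk in this commit) only rewrites `<`, `>` and `"` and passes `&` and `'` through. If `st` is the numeric start offset it appears to be, validate it the way peerParam is validated rather than sanitizing it, e.g. `if (stParam != null && !stParam.equals("0") && stParam.matches("[0-9]+")) {`, so that anything non-numeric is dropped before it is appended to peerString. The `stripHTML(peerParam)` on the `?p=` line is redundant, since that branch is only reached when peerParam contains nothing outside `[a-zA-Z0-9~=-]`; it is harmless, but a comment such as `// already whitelisted above; stripHTML kept as belt-and-braces` would spare the next reader the question. The enclosing method body continues outside the hunk.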

<%=intl._("Edit proxy settings")%>

<% } else { tunnelTypeName = editBean.getTypeName(request.getParameter("type")); - tunnelType = request.getParameter("type"); + tunnelType = net.i2p.data.DataHelper.stripHTML(request.getParameter("type")); %>

<%=intl._("New proxy settings")%>

<% } %> - " /> + diff --git a/apps/i2ptunnel/jsp/editServer.jsp b/apps/i2ptunnel/jsp/editServer.jsp index 437f8775b..cc3601eda 100644 --- a/apps/i2ptunnel/jsp/editServer.jsp +++ b/apps/i2ptunnel/jsp/editServer.jsp @@ -52,10 +52,10 @@ input.default { width: 1px; height: 1px; visibility: hidden; } %>
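Review bot: `tunnelType = net.i2p.data.DataHelper.stripHTML(request.getParameter("type"))` sanitizes a value that the code elsewhere compares against a fixed set of literals (`"client"`, `"httpclient"`, `"streamrclient"` and others in the wizard.jsp hunks), so a whitelist check would be both stricter and clearer than stripping: a `type` that is not a known tunnel type should fall back to a default instead of being echoed into the `value="..."` attribute this hunk rewrites. The line above still passes the raw parameter to `editBean.getTypeName(...)`, so the same parameter is read twice with different treatment; reading it once into a local and validating that local keeps the two consistent. The same pattern is repeated in editServer.jsp and in the `tunnelType = net.i2p.data.DataHelper.stripHTML(tunnelType);` line of wizard.jsp. The markup of this hunk was lost in extraction, so the exact attribute context could not be confirmed.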

<%=intl._("Edit server settings")%>

<% } else { tunnelTypeName = editBean.getTypeName(request.getParameter("type")); - tunnelType = request.getParameter("type"); + tunnelType = net.i2p.data.DataHelper.stripHTML(request.getParameter("type")); %>

<%=intl._("New server settings")%>

<% } %> - " /> + diff --git a/apps/i2ptunnel/jsp/index.jsp b/apps/i2ptunnel/jsp/index.jsp index 5f7140a21..8a401d68b 100644 --- a/apps/i2ptunnel/jsp/index.jsp +++ b/apps/i2ptunnel/jsp/index.jsp @@ -6,6 +6,8 @@ request.setCharacterEncoding("UTF-8"); response.setHeader("X-Frame-Options", "SAMEORIGIN"); + response.setHeader("Content-Security-Policy", "default-src 'self'"); + response.setHeader("X-XSS-Protection", "1; mode=block"); %><%@page pageEncoding="UTF-8" %><%@page trimDirectiveWhitespaces="true" diff --git a/apps/i2ptunnel/jsp/wizard.jsp b/apps/i2ptunnel/jsp/wizard.jsp index 52ae0336b..b885b5afe 100644 --- a/apps/i2ptunnel/jsp/wizard.jsp +++ b/apps/i2ptunnel/jsp/wizard.jsp @@ -6,6 +6,8 @@ request.setCharacterEncoding("UTF-8"); response.setHeader("X-Frame-Options", "SAMEORIGIN"); + response.setHeader("Content-Security-Policy", "default-src 'self'"); + response.setHeader("X-XSS-Protection", "1; mode=block"); %><%@page pageEncoding="UTF-8" %><%@page contentType="text/html" import="net.i2p.i2ptunnel.web.EditBean" @@ -39,6 +41,7 @@ /* Fetch and format a couple of regularly-used values */ boolean tunnelIsClient = Boolean.valueOf(request.getParameter("isClient")); String tunnelType = request.getParameter("type"); + tunnelType = net.i2p.data.DataHelper.stripHTML(tunnelType); /* Special case - don't display page 4 for server tunnels */ if (curPage == 4 && !tunnelIsClient) { if ("Previous page".equals(request.getParameter("action"))) { @@ -224,17 +227,17 @@ - " class="freetext" /> + " class="freetext" />
- " class="freetext" /> + " class="freetext" />
<% } else { - %>" /> - " /><% + %>" /> + " /><% } /* curPage 3 */ /* End page 3 */ %> @@ -252,10 +255,10 @@ - " class="freetext" /> + " class="freetext" /> <% } else { - %>" /><% + %>" /><% } /* curPage 4 */ } else if ("client".equals(tunnelType) || "ircclient".equals(tunnelType) || "streamrclient".equals(tunnelType)) { if (curPage == 4) { @@ -267,7 +270,7 @@ - " class="freetext" /> + " class="freetext" /> (<%=intl._("name, name:port, or destination")%> <% if ("streamrclient".equals(tunnelType)) { /* deferred resolution unimplemented in streamr client */ %> - <%=intl._("b32 not recommended")%> @@ -275,7 +278,7 @@ <% } else { - %>" /><% + %>" /><% } /* curPage 4 */ } } /* tunnelIsClient */ @@ -294,10 +297,10 @@ - " class="freetext" /> + " class="freetext" /> <% } else { - %>" /><% + %>" /><% } /* curPage 5 */ } /* streamrclient or !streamrserver */ %> <% @@ -310,10 +313,10 @@ - " class="freetext" /> + " class="freetext" /> <% } else { - %>" /><% + %>" /><% } /* curPage 5 */ } /* !tunnelIsClient */ %> <% @@ -327,10 +330,10 @@ - " class="freetext" /> + " class="freetext" /> <% } else { - %>" /><% + %>" /><% } /* curPage 5 */ } /* tunnelIsClient or httpbidirserver */ %> <% @@ -366,7 +369,7 @@ <% } else { - %>" /><% + %>" /><% } /* curPage 5 */ } /* (tunnelIsClient && !streamrclient) || httpbidirserver || streamrserver */ @@ -388,7 +391,7 @@ <% } else { if ("1".equals(request.getParameter("startOnLoad"))) { - %>" /><% + %>" /><% } } /* curPage 6 */ @@ -436,30 +439,30 @@ } %> <%=intl._("Tunnel name and description")%> - <%=request.getParameter("name")%>
- <%=request.getParameter("description")%> + <%=net.i2p.data.DataHelper.stripHTML(request.getParameter("name"))%>
+ <%=net.i2p.data.DataHelper.stripHTML(request.getParameter("description"))%> <% if (tunnelIsClient) { %> <%=intl._("Tunnel destination")%><% if ("httpclient".equals(tunnelType) || "connectclient".equals(tunnelType) || "sockstunnel".equals(tunnelType) || "socksirctunnel".equals(tunnelType)) { %> - <%=request.getParameter("proxyList")%><% + <%=net.i2p.data.DataHelper.stripHTML(request.getParameter("proxyList"))%><% } else if ("client".equals(tunnelType) || "ircclient".equals(tunnelType) || "streamrclient".equals(tunnelType)) { %> - <%=request.getParameter("targetDestination")%><% + <%=net.i2p.data.DataHelper.stripHTML(request.getParameter("targetDestination"))%><% } %> <% } %> <%=intl._("Binding address and port")%><% if ((tunnelIsClient && "streamrclient".equals(tunnelType)) || (!tunnelIsClient && !"streamrserver".equals(tunnelType))) { %> - <%=request.getParameter("targetHost")%>
<% + <%=net.i2p.data.DataHelper.stripHTML(request.getParameter("targetHost"))%>
<% } if (!tunnelIsClient) { %> - <%=request.getParameter("targetPort")%>
<% + <%=net.i2p.data.DataHelper.stripHTML(request.getParameter("targetPort"))%>
<% } if (tunnelIsClient || "httpbidirserver".equals(tunnelType)) { %> -
<%=request.getParameter("port")%><% +
<%=net.i2p.data.DataHelper.stripHTML(request.getParameter("port"))%><% } if ((tunnelIsClient && !"streamrclient".equals(tunnelType)) || "httpbidirserver".equals(tunnelType) || "streamrserver".equals(tunnelType)) { %> -
<%=request.getParameter("reachableBy")%><% +
<%=net.i2p.data.DataHelper.stripHTML(request.getParameter("reachableBy"))%><% } %> <%=intl._("Tunnel auto-start")%><% diff --git a/apps/routerconsole/java/src/net/i2p/router/web/CSSHelper.java b/apps/routerconsole/java/src/net/i2p/router/web/CSSHelper.java index 32c3f9304..622e65598 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/CSSHelper.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/CSSHelper.java @@ -57,7 +57,7 @@ public class CSSHelper extends HelperBase { */ public void setLang(String lang) { // Protected with nonce in css.jsi - if (lang != null && lang.length() > 0) { + if (lang != null && lang.length() > 0 && lang.length() <= 6) { Map m = new HashMap(2); int under = lang.indexOf('_'); if (under < 0) { @@ -105,9 +105,9 @@ public class CSSHelper extends HelperBase { try { if (Integer.parseInt(r) < MIN_REFRESH) r = "" + MIN_REFRESH; + _context.router().saveConfig(PROP_REFRESH, r); } catch (Exception e) { } - _context.router().saveConfig(PROP_REFRESH, r); } /** @return refresh time in seconds, as a string */ @@ -117,6 +117,7 @@ public class CSSHelper extends HelperBase { if (Integer.parseInt(r) < MIN_REFRESH) r = "" + MIN_REFRESH; } catch (Exception e) { + r = "" + MIN_REFRESH; } return r; } diff --git a/apps/routerconsole/java/src/net/i2p/router/web/ConfigAdvancedHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/ConfigAdvancedHandler.java index cac07deee..193334d84 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/ConfigAdvancedHandler.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/ConfigAdvancedHandler.java @@ -21,7 +21,8 @@ public class ConfigAdvancedHandler extends FormHandler { @Override protected void processForm() { if (_shouldSave) { - saveChanges(); + //saveChanges(); + addFormError("Save disabled, edit the router.config file to make changes") ; } else { // noop } 
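Review bot: `lang.length() <= 6` in setLang bounds the length of the value but still accepts any characters, and the value is then split on `_` and written into a config map; if the expected form is `xx` or `xx_YY`, as the split suggests, a shape check is as cheap and far tighter: `if (lang != null && lang.matches("[a-zA-Z]{2,3}(_[a-zA-Z]{2})?")) {`. In the setRefresh hunk, moving `saveConfig` inside the try is the right fix, since a non-numeric value is no longer persisted, but the `catch (Exception e) { }` that now guards it swallows everything; narrow it to `catch (NumberFormatException nfe) { /* invalid value is not saved */ }`, and do the same for the catch in getRefresh where the new `r = "" + MIN_REFRESH;` fallback lives. The bodies of setLang and setRefresh continue outside their hunks.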
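Review bot: `//saveChanges();` followed by `addFormError("Save disabled, edit the router.config file to make changes") ;` leaves the disabled call as commented-out code and a stray space before the semicolon; delete the commented line (version control keeps it) and, since the surrounding handlers route user-facing text through `_(...)`, wrap the message the same way: `addFormError(_("Save disabled, edit the router.config file to make changes"));`. The same commented-out-call-plus-untranslated-error pattern appears in ConfigClientsHandler (`//installPlugin();`) and in both ConfigUpdateHandler hunks. A one-line comment naming why the feature is disabled would help whoever later tries to re-enable it, since the history entry only records that it was.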
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHandler.java index 1c1c28568..158b5bc99 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHandler.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHandler.java @@ -54,7 +54,8 @@ public class ConfigClientsHandler extends FormHandler { return; } if (_action.equals(_("Install Plugin"))) { - installPlugin(); + //installPlugin(); + addFormError("Plugin installation disabled"); return; } if (_action.equals(_("Update All Installed Plugins"))) { diff --git a/apps/routerconsole/java/src/net/i2p/router/web/ConfigUpdateHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/ConfigUpdateHandler.java index cc43d51bb..fc1e8fad9 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/ConfigUpdateHandler.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/ConfigUpdateHandler.java @@ -173,10 +173,11 @@ public class ConfigUpdateHandler extends FormHandler { _newsThroughProxy = false; String oldURL = ConfigUpdateHelper.getNewsURL(_context); if ( (oldURL == null) || (!_newsURL.equals(oldURL)) ) { - changes.put(PROP_NEWS_URL, _newsURL); + //changes.put(PROP_NEWS_URL, _newsURL); // this invalidates the news - changes.put(NewsHelper.PROP_LAST_CHECKED, "0"); - addFormNotice(_("Updating news URL to {0}", _newsURL)); + //changes.put(NewsHelper.PROP_LAST_CHECKED, "0"); + //addFormNotice(_("Updating news URL to {0}", _newsURL)); + addFormError("Changing news URL disabled"); } } 
@@ -240,8 +241,9 @@ public class ConfigUpdateHandler extends FormHandler { if ( (_zipURL != null) && (_zipURL.length() > 0) ) { String oldURL = _context.router().getConfigSetting(PROP_ZIP_URL); if ( (oldURL == null) || (!_zipURL.equals(oldURL)) ) { - changes.put(PROP_ZIP_URL, _zipURL); - addFormNotice(_("Updating unsigned update URL to {0}", _zipURL)); + //changes.put(PROP_ZIP_URL, _zipURL); + //addFormNotice(_("Updating unsigned update URL to {0}", _zipURL)); + addFormError("Changing unsigned update URL disabled"); } } diff --git a/apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java index b4d147bcc..cb3d68e19 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java @@ -5,6 +5,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import net.i2p.data.DataHelper; import net.i2p.router.RouterContext; import net.i2p.util.Log; @@ -50,8 +51,8 @@ public abstract class FormHandler { } } - public void setNonce(String val) { _nonce = val; } - public void setAction(String val) { _action = val; } + public void setNonce(String val) { _nonce = DataHelper.stripHTML(val); } + public void setAction(String val) { _action = DataHelper.stripHTML(val); } /** * For many forms, it's easiest just to put all the parameters here. diff --git a/apps/routerconsole/java/src/net/i2p/router/web/SummaryHelper.java b/apps/routerconsole/java/src/net/i2p/router/web/SummaryHelper.java index 6d9a7769b..ff7883c8f 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/SummaryHelper.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/SummaryHelper.java 
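Review bot: `_nonce = DataHelper.stripHTML(val)` changes what a missing parameter stores: per the DataHelper hunk in this commit, `stripHTML(null)` returns `""`, so `setNonce(null)` and `setAction(null)` now leave `""` where they used to leave `null`, and any `_nonce == null` or `_action == null` check elsewhere in FormHandler (not visible here) will no longer fire. The same null-to-empty shift applies to every setter converted in this commit: SummaryHelper (whose getRequestURI Javadoc describes a fallback for a value "not set by jsp"), BaseBean.setAction/setSerial, NamingServiceBean.setH and SubscriptionsBean.setContent. Either preserve null explicitly, `_nonce = val == null ? null : DataHelper.stripHTML(val);`, or confirm that each consumer treats `""` and null alike. For a nonce that is only compared, never rendered, a comment such as `// stripped defensively; the nonce is compared with equals, never echoed` would also record why the call is there.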
@@ -818,19 +818,19 @@ public class SummaryHelper extends HelperBase { /* below here is stuff we need to get from summarynoframe.jsp to SummaryBarRenderer */ private String _action; - public void setAction(String s) { _action = s; } + public void setAction(String s) { _action = DataHelper.stripHTML(s); } public String getAction() { return _action; } private String _consoleNonce; - public void setConsoleNonce(String s) { _consoleNonce = s; } + public void setConsoleNonce(String s) { _consoleNonce = DataHelper.stripHTML(s); } public String getConsoleNonce() { return _consoleNonce; } private String _updateNonce; - public void setUpdateNonce(String s) { _updateNonce = s; } + public void setUpdateNonce(String s) { _updateNonce = DataHelper.stripHTML(s); } public String getUpdateNonce() { return _updateNonce; } private String _requestURI; - public void setRequestURI(String s) { _requestURI = s; } + public void setRequestURI(String s) { _requestURI = DataHelper.stripHTML(s); } /** * @return non-null; "/home" if (strangely) not set by jsp diff --git a/apps/routerconsole/jsp/configadvanced.jsp b/apps/routerconsole/jsp/configadvanced.jsp index 76a79c692..bdd7108a5 100644 --- a/apps/routerconsole/jsp/configadvanced.jsp +++ b/apps/routerconsole/jsp/configadvanced.jsp @@ -24,13 +24,19 @@ <%@include file="formhandler.jsi" %>
+

<%=intl._("Advanced I2P Configuration")%>

-

+

+ +To make changes, edit the router.config file. +
diff --git a/apps/routerconsole/jsp/configclients.jsp b/apps/routerconsole/jsp/configclients.jsp index 2137e317c..6d0ee25ec 100644 --- a/apps/routerconsole/jsp/configclients.jsp +++ b/apps/routerconsole/jsp/configclients.jsp @@ -117,6 +117,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; } " /> + <% } %> diff --git a/apps/routerconsole/jsp/configupdate.jsp b/apps/routerconsole/jsp/configupdate.jsp index c29a9a95d..904941b75 100644 --- a/apps/routerconsole/jsp/configupdate.jsp +++ b/apps/routerconsole/jsp/configupdate.jsp @@ -41,7 +41,7 @@ <% } %>
<%=intl._("News URL")%>: - "> + "> <%=intl._("Refresh frequency")%>: <% if (updatehelper.canInstall()) { %> @@ -65,10 +65,12 @@ <%=intl._("Trusted keys")%>: <% } // if isAdvanced %> + <% } else { %> <%=intl._("Updates will be dispatched via your package manager.")%> <% } // if canInstall %> diff --git a/apps/routerconsole/jsp/css.jsi b/apps/routerconsole/jsp/css.jsi index 64f2733a8..a9446b037 100644 --- a/apps/routerconsole/jsp/css.jsi +++ b/apps/routerconsole/jsp/css.jsi @@ -30,8 +30,11 @@ images/favicon.ico"> <% // clickjacking - if (intl.shouldSendXFrame()) + if (intl.shouldSendXFrame()) { response.setHeader("X-Frame-Options", "SAMEORIGIN"); + response.setHeader("Content-Security-Policy", "default-src 'self'"); + response.setHeader("X-XSS-Protection", "1; mode=block"); + } String conNonceParam = request.getParameter("consoleNonce"); if (intl.getNonce().equals(conNonceParam)) { diff --git a/apps/routerconsole/jsp/summaryframe.jsp b/apps/routerconsole/jsp/summaryframe.jsp index 4af6be78f..8189635fc 100644 --- a/apps/routerconsole/jsp/summaryframe.jsp +++ b/apps/routerconsole/jsp/summaryframe.jsp @@ -22,12 +22,13 @@ "Shutdown immediately".equals(action) || "Restart immediately".equals(action); if (!shutdownSoon) { if (d == null || "".equals(d)) { - d = intl.getRefresh(); + // set below } else { d = net.i2p.data.DataHelper.stripHTML(d); // XSS intl.setRefresh(d); intl.setDisableRefresh(d); } + d = intl.getRefresh(); // we probably don't get here if d == "0" since caught in summary.jsi, but just // to be sure... if (!intl.getDisableRefresh()) { @@ -46,7 +47,7 @@ long delay = 60; try { delay = Long.parseLong(d); } catch (NumberFormatException nfe) {} if (delay*1000 < timeleft + 5000) - out.print("\n"); + out.print("\n"); else shutdownSoon = true; } diff --git a/apps/routerconsole/jsp/viewstat.jsp b/apps/routerconsole/jsp/viewstat.jsp index bdc013ae5..6a7907ebc 100644 --- a/apps/routerconsole/jsp/viewstat.jsp +++ b/apps/routerconsole/jsp/viewstat.jsp 
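Review bot: the two new `response.setHeader(...)` lines in css.jsi sit inside `if (intl.shouldSendXFrame()) {`, so whatever setting turns off the X-Frame-Options header also drops the Content-Security-Policy, although the two address different risks (framing versus script injection). Emit the CSP and X-XSS-Protection lines before the `if` and keep only `X-Frame-Options` under the flag, unless the flag is meant to disable all response hardening, in which case a comment should say so. Adding braces around the previously brace-less `if` is a welcome cleanup. In the summaryframe.jsp hunk below, the `out.print(...)` line lost its content in extraction, so that change could not be reviewed.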
@@ -84,9 +84,11 @@ if ( !rendered && ((rs != null) || fakeBw) ) { * a huge load for a page full of graphs if there's a problem */ if (!rendered) { - if (stat != null) + if (stat != null) { + stat = net.i2p.data.DataHelper.stripHTML(stat); response.sendError(403, "The stat " + stat + " is not available, it must be enabled for graphing on the stats configuration page."); - else + } else { response.sendError(403, "No stat specified"); + } } %> \ No newline at end of file diff --git a/apps/susidns/src/java/src/i2p/susi/dns/BaseBean.java b/apps/susidns/src/java/src/i2p/susi/dns/BaseBean.java index ec022b70c..08ca6dd31 100644 --- a/apps/susidns/src/java/src/i2p/susi/dns/BaseBean.java +++ b/apps/susidns/src/java/src/i2p/susi/dns/BaseBean.java @@ -142,7 +142,7 @@ public class BaseBean * @since 0.9.13 moved from subclasses */ public void setAction(String action) { - this.action = action; + this.action = DataHelper.stripHTML(action); } /** @@ -158,7 +158,7 @@ public class BaseBean * @since 0.9.13 moved from subclasses */ public void setSerial(String serial) { - this.serial = serial; + this.serial = DataHelper.stripHTML(serial); } /** diff --git a/apps/susidns/src/java/src/i2p/susi/dns/NamingServiceBean.java b/apps/susidns/src/java/src/i2p/susi/dns/NamingServiceBean.java index 71a35133b..5a147a66a 100644 --- a/apps/susidns/src/java/src/i2p/susi/dns/NamingServiceBean.java +++ b/apps/susidns/src/java/src/i2p/susi/dns/NamingServiceBean.java @@ -30,6 +30,7 @@ import java.util.Properties; import net.i2p.client.naming.NamingService; import net.i2p.data.DataFormatException; +import net.i2p.data.DataHelper; import net.i2p.data.Destination; /** @@ -322,7 +323,7 @@ public class NamingServiceBean extends AddressbookBean } public void setH(String h) { - this.detail = h; + this.detail = DataHelper.stripHTML(h); } public AddressBean getLookup() { 
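Review bot: `response.sendError(403, "The stat " + stat + " is not available, ...")` still reflects the request parameter into the error page after `stripHTML`, which only neutralizes `<`, `>` and `"`, and how the container escapes a `sendError` message when it renders its HTML error body is implementation-dependent. The safer change is not to echo the parameter at all: use a fixed message, `response.sendError(403, "The requested stat is not available, it must be enabled for graphing on the stats configuration page.");`, and write the name to the log if it is needed for diagnosis. The code that sets `rendered`, `rs` and `stat` lies above the hunk and is outside this view.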
diff --git a/apps/susidns/src/java/src/i2p/susi/dns/SubscriptionsBean.java b/apps/susidns/src/java/src/i2p/susi/dns/SubscriptionsBean.java index ca6e9c44c..15d394336 100644 --- a/apps/susidns/src/java/src/i2p/susi/dns/SubscriptionsBean.java +++ b/apps/susidns/src/java/src/i2p/susi/dns/SubscriptionsBean.java @@ -160,7 +160,7 @@ public class SubscriptionsBean extends BaseBean public void setContent(String content) { // will come from form with \r\n line endings - this.content = content; + this.content = DataHelper.stripHTML(content); } public String getContent() diff --git a/apps/susidns/src/jsp/addressbook.jsp b/apps/susidns/src/jsp/addressbook.jsp index 374caeb71..6b7801dd0 100644 --- a/apps/susidns/src/jsp/addressbook.jsp +++ b/apps/susidns/src/jsp/addressbook.jsp @@ -28,6 +28,8 @@ request.setCharacterEncoding("UTF-8"); response.setHeader("X-Frame-Options", "SAMEORIGIN"); + response.setHeader("Content-Security-Policy", "default-src 'self'"); + response.setHeader("X-XSS-Protection", "1; mode=block"); %> <%@page pageEncoding="UTF-8"%> diff --git a/apps/susidns/src/jsp/config.jsp b/apps/susidns/src/jsp/config.jsp index 8afd6a86d..1a9fb918d 100644 --- a/apps/susidns/src/jsp/config.jsp +++ b/apps/susidns/src/jsp/config.jsp @@ -28,6 +28,8 @@ request.setCharacterEncoding("UTF-8"); response.setHeader("X-Frame-Options", "SAMEORIGIN"); + response.setHeader("Content-Security-Policy", "default-src 'self'"); + response.setHeader("X-XSS-Protection", "1; mode=block"); %> <%@page pageEncoding="UTF-8"%> diff --git a/apps/susidns/src/jsp/details.jsp b/apps/susidns/src/jsp/details.jsp index d5d625641..cc0ba4df6 100644 --- a/apps/susidns/src/jsp/details.jsp +++ b/apps/susidns/src/jsp/details.jsp @@ -25,6 +25,8 @@ request.setCharacterEncoding("UTF-8"); response.setHeader("X-Frame-Options", "SAMEORIGIN"); + response.setHeader("Content-Security-Policy", "default-src 'self'"); + response.setHeader("X-XSS-Protection", "1; mode=block"); %> <%@page pageEncoding="UTF-8"%> 
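Review bot: `this.content = DataHelper.stripHTML(content)` alters data on the way in rather than escaping it on the way out: the comment says this text arrives from the form with `\r\n` line endings and is presumably the stored subscriptions list, and stripHTML (per the DataHelper hunk in this commit) rewrites `<` and `>` to spaces and `"` to `%22`, so any such character in a subscription URL is changed before it is saved. Keep the stored value intact and escape it where `getContent()` is written into the page, or reject the input with an error instead of rewriting it. If stripping is kept, say so on the setter: `// lossy: stripHTML rewrites <, > and " before the text is stored`.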
@@ -73,6 +75,7 @@ if (detail == null) { %>

No host specified

<% } else { + detail = net.i2p.data.DataHelper.stripHTML(detail); i2p.susi.dns.AddressBean addr = book.getLookup(); if (addr == null) { %>

Not found: <%=detail%>

<% diff --git a/apps/susidns/src/jsp/index.jsp b/apps/susidns/src/jsp/index.jsp index 7023d080f..8c50f6674 100644 --- a/apps/susidns/src/jsp/index.jsp +++ b/apps/susidns/src/jsp/index.jsp @@ -28,6 +28,8 @@ request.setCharacterEncoding("UTF-8"); response.setHeader("X-Frame-Options", "SAMEORIGIN"); + response.setHeader("Content-Security-Policy", "default-src 'self'"); + response.setHeader("X-XSS-Protection", "1; mode=block"); %> <%@page pageEncoding="UTF-8"%> diff --git a/apps/susidns/src/jsp/subscriptions.jsp b/apps/susidns/src/jsp/subscriptions.jsp index afc572f42..002687003 100644 --- a/apps/susidns/src/jsp/subscriptions.jsp +++ b/apps/susidns/src/jsp/subscriptions.jsp @@ -28,6 +28,8 @@ request.setCharacterEncoding("UTF-8"); response.setHeader("X-Frame-Options", "SAMEORIGIN"); + response.setHeader("Content-Security-Policy", "default-src 'self'"); + response.setHeader("X-XSS-Protection", "1; mode=block"); %> <%@page pageEncoding="UTF-8"%> diff --git a/apps/susimail/src/src/i2p/susi/webmail/WebMail.java b/apps/susimail/src/src/i2p/susi/webmail/WebMail.java index 12132726d..a9391efc4 100644 --- a/apps/susimail/src/src/i2p/susi/webmail/WebMail.java +++ b/apps/susimail/src/src/i2p/susi/webmail/WebMail.java @@ -1562,6 +1562,8 @@ public class WebMail extends HttpServlet httpRequest.setCharacterEncoding("UTF-8"); response.setCharacterEncoding("UTF-8"); response.setHeader("X-Frame-Options", "SAMEORIGIN"); + response.setHeader("Content-Security-Policy", "default-src 'self'"); + response.setHeader("X-XSS-Protection", "1; mode=block"); RequestWrapper request = new RequestWrapper( httpRequest ); SessionObject sessionObject = null; diff --git a/core/java/src/net/i2p/client/naming/ExecNamingService.java b/core/java/src/net/i2p/client/naming/ExecNamingService.java index 4843ba68d..f6ac3ec7a 100644 --- a/core/java/src/net/i2p/client/naming/ExecNamingService.java +++ b/core/java/src/net/i2p/client/naming/ExecNamingService.java 
@@ -57,6 +57,8 @@ public class ExecNamingService extends DummyNamingService { */ public ExecNamingService(I2PAppContext context) { super(context); + // disable for now + throw new UnsupportedOperationException(); } @Override diff --git a/core/java/src/net/i2p/data/DataHelper.java b/core/java/src/net/i2p/data/DataHelper.java index efc66a2c6..826de50eb 100644 --- a/core/java/src/net/i2p/data/DataHelper.java +++ b/core/java/src/net/i2p/data/DataHelper.java @@ -478,12 +478,14 @@ public class DataHelper { String val = (String) entry.getValue(); if (name.contains("#") || name.contains("=") || + name.contains("\r") || name.contains("\n") || name.startsWith(";") || val.contains("#") || + val.contains("\r") || val.contains("\n")) { if (iae == null) - iae = new IllegalArgumentException("Invalid character (one of \"#;=\\n\") in key or value: \"" + + iae = new IllegalArgumentException("Invalid character (one of \"#;=\\r\\n\") in key or value: \"" + name + "\" = \"" + val + '\"'); continue; } @@ -1622,6 +1624,7 @@ public class DataHelper { if (orig == null) return ""; String t1 = orig.replace('<', ' '); String rv = t1.replace('>', ' '); + rv = rv.replace("\"", "%22"); return rv; } diff --git a/history.txt b/history.txt index 8a6166d6e..9eb378fd2 100644 --- a/history.txt +++ b/history.txt @@ -1,3 +1,15 @@ +2014-07-26 zzz + * Console: + - Fix several XSS issues (thx Aaron Portnoy of Exodus Intel) + - Add Content-Security-Policy and X-XSS-Protection headers + - Disable changing news feed URL from UI + - Disable plugin install from UI + - Disable setting unsigned update URL from UI + - Disable /configadvanced + * DataHelper: Disallow \r in storeProps() (thx joernchen of Phenoelit) + * ExecNamingService: Disable (thx joernchen of Phenoelit) + * Startup: Add susimail.config to migrated files + 2014-07-23 kytv * Updates to geoip.txt and geoipv6.dat.gz based on Maxmind GeoLite Country database from 2014-07-02. 
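Review bot: `throw new UnsupportedOperationException();` in the constructor carries no message, so a router configured to use this naming service will fail with a bare stack trace that does not say the service was deliberately disabled; use `throw new UnsupportedOperationException("ExecNamingService is disabled");` and replace `// disable for now` with a comment that names the reason, which the history entry hints at but the code does not, so a future reader knows whether re-enabling is safe. The class Javadoc above the hunk should state the same. Throwing after `super(context)` is fine as long as the superclass constructor does not register `this` anywhere, which cannot be confirmed from this hunk.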
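Review bot: `rv = rv.replace("\"", "%22")` gives stripHTML a mix of two conventions: `<` and `>` become spaces while `"` becomes a URL-style `%22`, which shows up literally in text context and is not the entity an HTML attribute needs, and `&` and `'` still pass through, so a single-quoted attribute gets no protection. Since this commit makes stripHTML the sanitizer for JSP output in wizard.jsp, details.jsp and viewstat.jsp and for stored values in several beans, its Javadoc above the hunk should state exactly which characters it rewrites, that it returns `""` for null, and that it is lossy. A proper escaper mapping `&`, `<`, `>`, `"` and `'` to entities is the better tool for rendered output, with stripHTML reserved for values that are compared rather than displayed. The storeProps hunk above it is a clean fix, and its updated `#;=\r\n` message matches the new `\r` checks.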
diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java index 5b1ba79e3..78754ef28 100644 --- a/router/java/src/net/i2p/router/RouterVersion.java +++ b/router/java/src/net/i2p/router/RouterVersion.java @@ -18,10 +18,10 @@ public class RouterVersion { /** deprecated */ public final static String ID = "Monotone"; public final static String VERSION = CoreVersion.VERSION; - public final static long BUILD = 19; + public final static long BUILD = 20; /** for example "-test" */ - public final static String EXTRA = ""; + public final static String EXTRA = "-rc"; public final static String FULL_VERSION = VERSION + "-" + BUILD + EXTRA; public static void main(String args[]) { System.out.println("I2P Router version: " + FULL_VERSION); diff --git a/router/java/src/net/i2p/router/startup/WorkingDir.java b/router/java/src/net/i2p/router/startup/WorkingDir.java index 573931cbd..3763f2e7a 100644 --- a/router/java/src/net/i2p/router/startup/WorkingDir.java +++ b/router/java/src/net/i2p/router/startup/WorkingDir.java @@ -272,10 +272,10 @@ public class WorkingDir { // but distros might put one in "addressbook,eepsite," + // base install - files - // We don't currently have a default router.config, logger.config, or webapps.config in the base distribution, + // We don't currently have a default router.config, logger.config, susimail.config, or webapps.config in the base distribution, // but distros might put one in "blocklist.txt,hosts.txt,i2psnark.config,i2ptunnel.config,jetty-i2psnark.xml," + - "logger.config,router.config,systray.config,webapps.config"; + "logger.config,router.config,susimail.config,systray.config,webapps.config"; private static boolean migrate(String list, File olddir, File todir) { boolean rv = true;