--- container/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java (revision 471875) +++ container/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java (working copy) @@ -1207,7 +1207,7 @@ .append("'"); sb.append(">"); - sb.append(trimmed); + sb.append(encodeHTML(trimmed)); if (childCacheEntry.context != null) sb.append("/"); sb.append(""); @@ -1376,7 +1376,7 @@ if (childCacheEntry.context != null) sb.append("/"); sb.append("\">"); - sb.append(trimmed); + sb.append(encodeHTML(trimmed)); if (childCacheEntry.context != null) sb.append("/"); sb.append("\r\n"); @@ -2183,8 +2183,44 @@ } + /** + * HTML-encode characters in the specified string + * + * @param s The string to HTML-encode + * @return The HTML-encoded string, or null is the + * specified input string was null. + */ + protected String encodeHTML(String s) { + if( null == s) + return null; + char content[] = new char[s.length()]; + s.getChars(0, s.length(), content, 0); + StringBuffer result = new StringBuffer(content.length + 50); + for ( int i = 0; i < content.length; i++ ) { + switch (content[i]) { + case '<': + result.append("<"); + break; + case '>': + result.append(">"); + break; + case '&': + result.append("&"); + break; + case '"': + result.append("""); + break; + default: + result.append(content[i]); + } + } + return (result.toString()); + + } + + // ------------------------------------------------------ Range Inner Class
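Review bot: Only the element text is encoded in this hunk; the attribute value that the context line `.append("'");` closes just above is left as it was, and the same holds for the attribute closed by `sb.append("\">");` in the second hunk. Both attribute values are built outside the visible lines, so whether they carry the raw entry name is inferred, not shown. If they do, a file name containing a quote or `<` would still reach the directory listing unencoded, and for the single-quoted attribute `encodeHTML` as added in the last hunk would not help because it has no case for `'`. I would confirm that every place the entry name is written goes through an encoder suited to its context, and add a comment at both call sites such as `// encodeHTML covers element text only; attribute values above are encoded separately`.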
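Review bot: `encodeHTML` has no case for the apostrophe, so its output is safe as element text and inside double-quoted attributes but not inside a single-quoted attribute like the one the first hunk's context closes with `.append("'");`. Adding `case '\'': result.append("&#39;"); break;` to the switch covers that context. The replacement literals as displayed on this page look identical to the characters they replace, and `result.append(""");` would not compile, which is presumably entity decoding by the page; the committed file should be checked to contain `&lt;`, `&gt;`, `&amp;` and `&quot;`. In the Javadoc, "or null is the specified input string" should read "or null if the specified input string".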