--- a/bin/gnump3d2	2005-10-10 23:38:39.000000000 +0100
+++ a/bin/gnump3d2	2005-10-10 23:41:42.000000000 +0100
@@ -857,6 +857,12 @@
 		my $header   = &getHTTPHeader( 404, "text/html" );
 		&sendData( $data, $header );
 
+
+		#
+		# Prevent XSS attacks
+		#
+		$uri = urlEncode( $uri );
+
 		my $text = &getErrorPage( $ARGUMENTS{'theme'},
 					  $literals->get( "ERROR404" ) );
 		&sendData( $data, $text );
@@ -1168,6 +1173,11 @@
 		my $header   = &getHTTPHeader( 404, "text/html" );
 		&sendData( $data, $header );
 
+		#
+		# Prevent XSS attacks
+		#
+		$uri = urlEncode( $uri );
+
 		my $text = &getErrorPage( $ARGUMENTS{'theme'},
 					  $literals->get( "ERROR404" ) );
 		&sendData( $data, $text );