Index: portal-impl/src/com/liferay/portal/util/HtmlImpl.java
===================================================================
--- portal-impl/src/com/liferay/portal/util/HtmlImpl.java (revision 56955)
+++ portal-impl/src/com/liferay/portal/util/HtmlImpl.java (working copy)
@@ -14,6 +14,9 @@
 package com.liferay.portal.util;
 
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 import com.liferay.portal.kernel.util.CharPool;
 import com.liferay.portal.kernel.util.Html;
 import com.liferay.portal.kernel.util.HttpUtil;
@@ -51,6 +54,14 @@
 		return StringPool.BLANK;
 	}
 
+	// If the string contains "javascript:", then encode the colon to avoid
+	// execution of javascript in, for example. links and images
+	// XSS Cheat Sheet: http://ha.ckers.org/xss.html
+	Pattern pattern = Pattern.compile("(javascript):",
+		Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE);
+	Matcher m = pattern.matcher(text);
+	text = m.replaceAll("$1%3a");
+
 	// Escape using XSS recommendations from
 	// http://www.owasp.org/index.php/Cross_Site_Scripting
 	// #How_to_Protect_Yourself
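Review bot: `Pattern.compile("(javascript):", ...)` is executed on every call of the enclosing method (presumably `escape(String)`; its signature and the rest of its body are outside the hunk), yet `Pattern` is immutable and thread-safe, so it belongs in a class constant, e.g. `private static final Pattern _javascriptPattern = Pattern.compile("(javascript):", Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE);` with the body reduced to `text = _javascriptPattern.matcher(text).replaceAll("$1%3a");`. Separately, mutating the text inside a general-purpose HTML escaper changes the data rather than encoding it: any legitimate content that happens to contain the literal `javascript:` is silently altered, and the output is no longer a faithful escaping of the input. Browser URL-scheme parsing is also more permissive than this literal match, so this rewrite should be treated as defence in depth only; URL-valued attributes are better validated against an allowlist of schemes at the point they are emitted, and the comment should say so rather than presenting the rewrite as the control. The comment also has a typo: `for example. links and images` should read `for example, links and images`.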