diff --git a/public_html/admin/plugins.php b/public_html/admin/plugins.php
index 716905c63..594a5cc2a 100644
--- a/public_html/admin/plugins.php
+++ b/public_html/admin/plugins.php
@@ -943,7 +943,6 @@ function continue_upgrade($plugin, $pi_version, $code_version)
 * @param string $message (optional) message to display
 * @param string $token an optional csrf token
 * @return string HTML for the plugin screen
- * @throws Exception
 */
 function plugin_main($message = '', $token = '')
 {
diff --git a/public_html/lib-common.php b/public_html/lib-common.php
index e692ac0d4..98304e027 100644
--- a/public_html/lib-common.php
+++ b/public_html/lib-common.php
@@ -7202,7 +7202,11 @@ function COM_createLink($content, $url, $attr = array())
 $attributes = '';
 foreach ($attr as $key => $value) {
- $attributes .= sprintf(' %s="%s"', $key, $value, ENT_QUOTES, $charset);
+ $attributes .= sprintf(
+ ' %s="%s"',
+ htmlspecialchars($key, ENT_QUOTES, $charset),
+ htmlspecialchars($value, ENT_QUOTES, $charset)
+ );
 }
 $retval = sprintf('%s', $url, $attributes, $content);
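Review bot: `htmlspecialchars()` is the right encoder for the attribute value but not for the attribute name in the new `sprintf()` call in `COM_createLink`: whitespace, `=` and `/` in `$key` pass through unchanged, so a key that is not a fixed literal can still add attributes to the tag. Validate the name before emitting it, e.g. `if (!preg_match('/^[A-Za-z_:][A-Za-z0-9_.:-]*$/', $key)) { continue; }`, and keep the escaping for `$value`. Callers that already pass entity-encoded values will now be encoded twice, so they should be audited, or the value call given `double_encode` set to false. The closing `sprintf()` context line still interpolates `$url` as-is, so the link target appears to rely on callers for escaping and scheme checks; `$charset` is defined outside this hunk, and the function body starts and ends outside it.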