diff --git a/apps/bookmarks/ajax/addBookmark.php b/apps/bookmarks/ajax/addBookmark.php index d066b0b32f..78913f7a13 100644 --- a/apps/bookmarks/ajax/addBookmark.php +++ b/apps/bookmarks/ajax/addBookmark.php @@ -51,9 +51,9 @@ $query = OC_DB::prepare(" $params=array( - urldecode($_GET["url"]), - urldecode($_GET["title"]), - urldecode($_GET["description"]), + htmlspecialchars_decode($_GET["url"]), + htmlspecialchars_decode($_GET["title"]), + htmlspecialchars_decode($_GET["description"]), OC_User::getUser() ); $query->execute($params); diff --git a/apps/bookmarks/ajax/delBookmark.php b/apps/bookmarks/ajax/delBookmark.php index 99a618a7d1..bf1611fe5c 100644 --- a/apps/bookmarks/ajax/delBookmark.php +++ b/apps/bookmarks/ajax/delBookmark.php @@ -36,7 +36,7 @@ if( !OC_User::isLoggedIn()){ } $params=array( - urldecode($_GET["url"]), + htmlspecialchars_decode($_GET["url"]), OC_User::getUser() ); diff --git a/apps/bookmarks/ajax/getMeta.php b/apps/bookmarks/ajax/getMeta.php index dadf23afd9..e9fe0d684d 100644 --- a/apps/bookmarks/ajax/getMeta.php +++ b/apps/bookmarks/ajax/getMeta.php @@ -38,7 +38,7 @@ if( !OC_User::isLoggedIn()){ // $metadata = array(); require '../bookmarksHelper.php'; +$metadata = getURLMetadata(htmlspecialchars_decode($_GET["url"])); -$metadata = getURLMetadata(urldecode($_GET["url"])); echo json_encode( array( 'status' => 'success', 'data' => $metadata)); diff --git a/apps/bookmarks/ajax/recordClick.php b/apps/bookmarks/ajax/recordClick.php index 4dcb0b4a0d..116daea8bb 100644 --- a/apps/bookmarks/ajax/recordClick.php +++ b/apps/bookmarks/ajax/recordClick.php @@ -40,7 +40,7 @@ $query = OC_DB::prepare(" AND url LIKE ? "); -$params=array(OC_User::getUser(), urldecode($_GET["url"])); +$params=array(OC_User::getUser(), htmlspecialchars_decode($_GET["url"])); $bookmarks = $query->execute($params); header( "HTTP/1.1 204 No Content" ); diff --git a/apps/bookmarks/ajax/updateList.php b/apps/bookmarks/ajax/updateList.php index 61983cc0f5..ceecc5b7ef 100644 
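Review bot: `htmlspecialchars_decode()` on the three `$_GET` values in addBookmark.php means the bound parameters now carry raw `<`, `>`, `&` and `"` into the bookmarks table, so every page or JSON consumer that later prints `title`, `description` or `url` must escape them again, and nothing in this hunk shows that it does. The same call is added in the delBookmark.php, recordClick.php and updateList.php hunks. The prepared statement keeps this safe for SQL, but a comment above `$params=array(` such as `// stored unescaped: escape with htmlspecialchars() at every output site` would record the contract. The `url` value would also benefit from an http/https scheme check before it is stored, since it is presumably rendered as a link later. The `OC_DB::prepare` call begins outside the hunk.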
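Review bot: In delBookmark.php the operation is driven entirely by `$_GET["url"]`, and the only gate visible around it is the `OC_User::isLoggedIn()` check in the hunk context. Unless a per-request token is verified elsewhere in the file, a third-party page could cause a logged-in user's browser to issue this request. addBookmark.php and recordClick.php appear to change state from GET parameters in the same way. Moving these endpoints to POST and verifying a session-bound token before `$params=array(` would close that; the rest of the script is outside the hunk, so this needs confirming against the full file.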
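Review bot: In getMeta.php the decoded `$_GET["url"]` goes straight into `getURLMetadata()`, whose first visible statement in the bookmarksHelper.php hunk is `$page = file_get_contents($url);`, so any logged-in user chooses what the server opens, whether a local path, a stream wrapper or an internal-network address. Restrict the scheme before the call, e.g. `$url = htmlspecialchars_decode($_GET["url"]);` followed by `if (!in_array(parse_url($url, PHP_URL_SCHEME), array('http', 'https'), true)) { echo json_encode(array('status' => 'error')); exit(); }`, and consider rejecting hosts that resolve to loopback or private ranges. `$_GET["url"]` is also read without an `isset()` check. The surrounding script starts and ends outside the hunk.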
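Review bot: In recordClick.php the user-supplied URL is bound to `url LIKE ?`, so `%` and `_` inside it act as wildcards and one request can match several of the user's bookmarks rather than only the one clicked. If an exact match is intended, `AND url = ?` avoids that. The tag filter in the updateList.php hunk (`'%' . … . '%'`) has the same wildcard behaviour, and there the wildcards in the tag should be escaped before the `%` wrappers are added. The statement text begins outside the hunk, so what the query updates is not visible here.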
--- a/apps/bookmarks/ajax/updateList.php +++ b/apps/bookmarks/ajax/updateList.php @@ -39,7 +39,7 @@ $params=array(OC_User::getUser()); $CONFIG_DBTYPE = OC_Config::getValue( 'dbtype', 'sqlite' ); //Filter for tag? -$filterTag = isset($_GET['tag']) ? '%' . urldecode($_GET['tag']) . '%' : false; +$filterTag = isset($_GET['tag']) ? '%' . htmlspecialchars_decode($_GET['tag']) . '%' : false; if($filterTag){ $sqlFilterTag = 'HAVING tags LIKE ?'; $params[] = $filterTag; diff --git a/apps/bookmarks/bookmarksHelper.php b/apps/bookmarks/bookmarksHelper.php index 383a8ddd56..aee941a27b 100644 --- a/apps/bookmarks/bookmarksHelper.php +++ b/apps/bookmarks/bookmarksHelper.php @@ -11,7 +11,7 @@ function getURLMetadata($url) { $page = file_get_contents($url); @preg_match( "/