Fix potential XSS holes

apps/routerconsole/java/src/net/i2p/router/web/NetDbHelper.java

@@ -4,6 +4,7 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.OutputStreamWriter;
 
+import net.i2p.data.DataHelper;
 
 public class NetDbHelper extends HelperBase {
     private String _routerPrefix;
@@ -12,7 +13,10 @@ public class NetDbHelper extends HelperBase {
     
     public NetDbHelper() {}
     
-    public void setRouter(String r) { _routerPrefix = r; }
+    public void setRouter(String r) {
+        _routerPrefix = DataHelper.stripHTML(r);  // XSS
+    }
+
     public void setFull(String f) {
         try {
             _full = Integer.parseInt(f);

apps/routerconsole/jsp/configpeer.jsp

@@ -24,7 +24,7 @@
 
  <% String peer = "";
     if (request.getParameter("peer") != null)
-        peer = request.getParameter("peer");
+        peer = net.i2p.data.DataHelper.stripHTML(request.getParameter("peer"));  // XSS
  %>
  <div class="configure">
  <form action="configpeer.jsp" method="POST">

apps/routerconsole/jsp/i2ptunnel/index.jsp

@@ -3,5 +3,5 @@
 <meta http-equiv="pragma" content="no-cache" />
 </head>
 <body>
-The I2P Tunnel Manager is not currently running. Please visit the<a href="/configclients.jsp">Client Configuration</a> page to start it.
+The I2P Tunnel Manager is not currently running. Please visit the <a href="/configclients.jsp">Client Configuration</a> page to start it.
 </body></html>