diff --git a/js/privatebin.js b/js/privatebin.js
index 9250b8e..b0d60eb 100644
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -630,7 +630,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
let containsLinks = args[0].indexOf(' 0) may never contain HTML as they may come from untrusted parties if (i > 0 || !containsLinks) {
@@ -657,7 +657,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
$element.html(output);
} else {
// text node takes care of entity encoding - $element.text(output);
+ $element.text(output);
}
return '';
}
diff --git a/js/test/AttachmentViewer.js b/js/test/AttachmentViewer.js
index 842945f..0cf89a3 100644
--- a/js/test/AttachmentViewer.js
+++ b/js/test/AttachmentViewer.js
@@ -86,7 +86,7 @@ describe('AttachmentViewer', function () {
$.PrivateBin.AttachmentViewer.moveAttachmentTo(element, prefix + '%s' + postfix);
// messageIDs with links get a relaxed treatment if (prefix.indexOf('').text((prefix + filename + postfix)).text();
} else {
result = prefix + $.PrivateBin.Helper.htmlEntities(filename) + postfix;
}
diff --git a/js/test/I18n.js b/js/test/I18n.js
index 0086cc2..67b1ca9 100644
--- a/js/test/I18n.js
+++ b/js/test/I18n.js
@@ -89,19 +89,20 @@ describe('I18n', function () {
prefix = prefix.replace(/%(s|d)/g, '%%');
params[0] = params[0].replace(/%(s|d)/g, '%%').replace(/').text((prefix + params[0] + postfix)).text();
+ let args = Array.prototype.slice.call(params);
+ args.unshift(prefix + '%s' + postfix);
let clean = jsdom();
$('body').html('
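Review bot: The `$element.html(output)` call at the top of the second privatebin.js hunk writes a translated string into the DOM as markup, and nothing in this hunk shows where `output` was sanitized before it reaches that sink. The I18n tests in this same commit build their expected value with `DOMPurify.sanitize(…, { ALLOWED_TAGS: ['a', 'br', 'i', 'span'], ALLOWED_ATTR: ['href', 'id'] })`, so presumably the same whitelist is applied earlier in `translate`, but that invariant is not stated next to the line that depends on it. A comment there would keep the next change from loosening it unnoticed: `// NOTE(review): output is expected to be DOMPurify-sanitized above (ALLOWED_TAGS a/br/i/span, ALLOWED_ATTR href/id); only messageIDs containing links should reach this branch — confirm`. The enclosing function starts before this hunk and continues after it.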
');
- params.unshift($('#i18n'));
- $.PrivateBin.I18n.translate.apply(this, params);
+ args.unshift($('#i18n'));
+ $.PrivateBin.I18n.translate.apply(this, args);
const result = $('#i18n').text();
$.PrivateBin.I18n.reset();
clean();
clean = jsdom();
$('body').html('
');
- params[0] = $('#i18n');
- $.PrivateBin.I18n._.apply(this, params);
+ args[0] = $('#i18n');
+ $.PrivateBin.I18n._.apply(this, args);
const alias = $('#i18n').text();
$.PrivateBin.I18n.reset();
clean();
@@ -114,15 +115,15 @@ describe('I18n', function () {
'(small nearray) string', 'string', function (prefix, params, postfix) {
- prefix = prefix.replace(/%(s|d)/g, '%%');
- params[0] = params[0].replace(/%(s|d)/g, '%%');
- postfix = postfix.replace(/%(s|d)/g, '%%');
- const translation = $('
').html(DOMPurify.sanitize( + prefix = prefix.replace(/%(s|d)/g, '%%').trim();
+ params[0] = params[0].replace(/%(s|d)/g, '%%').trim();
+ postfix = postfix.replace(/%(s|d)/g, '%%').trim();
+ const translation = DOMPurify.sanitize( prefix + $.PrivateBin.Helper.htmlEntities(params[0]) + '' + postfix, { ALLOWED_TAGS: ['a', 'br', 'i', 'span'], ALLOWED_ATTR: ['href', 'id'] }
- )).html();
+ );
let args = Array.prototype.slice.call(params);
args.unshift(prefix + '%s' + postfix);
let clean = jsdom();
diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php
index 427b61c..74338ea 100644
--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@@ -72,7 +72,7 @@ endif; ?>
- +
diff --git a/tpl/page.php b/tpl/page.php
index 5cde124..9a512e1 100644
--- a/tpl/page.php
+++ b/tpl/page.php
@@ -50,7 +50,7 @@ endif; ?>
- +
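Review bot: The `.trim()` calls added to `prefix`, `params[0]` and `postfix` in the second I18n.js hunk narrow the generated inputs so that leading and trailing whitespace around a translation is no longer exercised by this property, and the hunk gives no reason for the trimming. If it is needed because the expected value is now the raw `DOMPurify.sanitize` output instead of the old `$('…').html(…).html()` DOM round-trip, and the DOM side of the comparison normalises surrounding whitespace differently, a comment should record that: `// trim: the element's text is compared against the raw sanitizer output, which keeps surrounding whitespace the DOM would normalise — TODO confirm`. Without it a later reader may remove the trims and reintroduce a flaky comparison, or keep them without knowing that whitespace handling is untested here. The jsverify property this hunk belongs to continues after the hunk.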