diff --git a/src/main/java/org/olat/core/util/filter/impl/OpenOLATPolicy.java b/src/main/java/org/olat/core/util/filter/impl/OpenOLATPolicy.java
index ab8cb3d454a8479e72bb1f6d6fa80732c24aa77d..35a7c9f80440f195f925ff2d0eb24067dd69b68c 100644
--- a/src/main/java/org/olat/core/util/filter/impl/OpenOLATPolicy.java
+++ b/src/main/java/org/olat/core/util/filter/impl/OpenOLATPolicy.java
@@ -22,6 +22,7 @@ package org.olat.core.util.filter.impl;
 import java.util.List;
 import java.util.regex.Pattern;
+import org.olat.core.util.CodeHelper;
 import org.owasp.html.HtmlPolicyBuilder;
 import org.owasp.html.HtmlStreamEventProcessor;
 import org.owasp.html.HtmlStreamEventReceiver;
@@ -40,29 +41,20 @@ import com.google.common.base.Predicate;
 * */
 public class OpenOLATPolicy {
+
+ private static final String MEDIA_HOST = "http://my" + CodeHelper.getForeverUniqueID() + "localhost:8123/";
 private static final Pattern PARAGRAPH = Pattern.compile("([\\p{L}\\p{N},'\\.\\s\\-_\\(\\)]|&[0-9]{2};)*");
- //private static final Pattern POSITIVELENGTH = Pattern.compile("((\\+)?0|(\\+)?([0-9]+(.[0-9]+)?)(em|ex|px|in|cm|mm|pt|pc))");
 private static final Pattern COLORNAME = Pattern.compile("(aqua|black|blue|fuchsia|gray|grey|green|lime|maroon|navy|olive|purple|red|silver|teal|white|yellow)");
 private static final Pattern OFFSITEURL = Pattern.compile("(\\s)*((ht)tp(s?)://|mailto:)[\\p{L}\\p{N}]+[\\p{L}\\p{N}\\p{Zs}\\.\\#@\\$%\\+&;:\\-_~,\\?=/!\\(\\)]*(\\s)*");
- //private static final Pattern RELATIVE_SIZE = Pattern.compile("(larger|smaller)");
- //private static final Pattern SYSTEMCOLOR = Pattern.compile("(activeborder|activecaption|appworkspace|background|buttonface|buttonhighlight|buttonshadow|buttontext|captiontext|graytext|highlight|highlighttext|inactiveborder|inactivecaption|inactivecaptiontext|infobackground|infotext|menu|menutext|scrollbar|threeddarkshadow|threedface|threedhighlight|threedlightshadow|threedshadow|window|windowframe|windowtext)");
 private static final Pattern HTMLCLASS = Pattern.compile("[a-zA-Z0-9\\s,-_]+");
- //private static final Pattern LENGTH = Pattern.compile("((-|\\+)?0|(-|\\+)?([0-9]+(.[0-9]+)?)(em|ex|px|in|cm|mm|pt|pc))");
- //private static final Pattern ABSOLUTE_SIZE = Pattern.compile("(xx-small|x-small|small|medium|large|x-large|xx-large)");
- //private static final Pattern POSITIVEPERCENTAGE = Pattern.compile("(\\+)?([0-9]+(.[0-9]+)?)%");
 private static final Pattern ANYTHING = Pattern.compile(".*");
 private static final Pattern ONSITEURL = Pattern.compile("([\\p{L}\\p{N}\\p{Zs}/\\.\\?=&\\-~_]|ccrep:)+");
 private static final Pattern NUMBER = Pattern.compile("[0-9]+");
 private static final Pattern HTMLTITLE =
 Pattern.compile("[a-zA-Z0-9\\s-_',:\\[\\]!\\./\\\\\\(\\)%&;\\+#]*");
-
- //private static final Pattern CSSONSITEURI = Pattern.compile("url\\(([\\p{L}\\p{N}\\\\/\\.\\?=\\#&;\\-_~]+|\\#(\\w)+)\\)");
- //private static final Pattern RGBCODE = Pattern.compile("rgb\\(([1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]),([1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]),([1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])\\)");
- //private static final Pattern PERCENTAGE = Pattern.compile("(-|\\+)?([0-9]+(.[0-9]+)?)%");
 private static final Pattern OLATINTERNALURL = Pattern.compile("javascript:parent\\.gotonode\\(\\d+\\)");
 private static final Pattern NUMBERORPERCENT = Pattern.compile("(\\d)+(%{0,1})");
 private static final Pattern COLORCODE = Pattern.compile("(#([0-9a-fA-F]{6}|[0-9a-fA-F]{3}))");
- //private static final Pattern CSSOFFSITEURI = Pattern.compile("url\\((\\s)*(http(s?)://)[\\p{L}\\p{N}]+[~\\p{L}\\p{N}\\p{Zs}\\-_\\.@#$%&;:,\\?=/\\+!]*(\\s)*\\)");
 public static final PolicyFactory POLICY_DEFINITION = new HtmlPolicyBuilder()
 .allowStyling()
@@ -302,7 +294,10 @@ public class OpenOLATPolicy {
 && attrs.get(i+1).startsWith("javascript:parent.goto")
 && OLATINTERNALURL.matcher(attrs.get(i + 1)).matches()) {
 attrs.set(i, "onclick");
- }
+ } else if("href".equals(attr) && i+1 < numOfAttrs
+ && attrs.get(i+1).startsWith("media/")) {
+ attrs.set(i + 1, MEDIA_HOST + attrs.get(i+1));
+ }
 }
 }
 super.openTag(elementName, attrs);
@@ -313,13 +308,13 @@ public class OpenOLATPolicy {
 @Override
 public HtmlStreamEventReceiver wrap(HtmlStreamEventReceiver sink) {
- return new OpenOLATostReceiver(sink);
+ return new OpenOLATPostReceiver(sink);
 }
 }
- private static class OpenOLATostReceiver extends HtmlStreamEventReceiverWrapper {
+ private static class OpenOLATPostReceiver extends HtmlStreamEventReceiverWrapper {
- public OpenOLATostReceiver(HtmlStreamEventReceiver sink) {
+ public OpenOLATPostReceiver(HtmlStreamEventReceiver sink) {
 super(sink);
 }
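Review bot: The new `MEDIA_HOST` constant is the only thing that later tells `OpenOLATPostReceiver` an href may be unwrapped back to a raw value, so it has to be unguessable, and `CodeHelper.getForeverUniqueID()` is by its name a uniqueness source rather than a cryptographic one — its implementation is outside this diff, so confirm. If it is not CSPRNG-derived, build the marker from `java.security.SecureRandom`, e.g. `"http://my" + new java.math.BigInteger(96, new java.security.SecureRandom()).toString(32) + "localhost:8123/"`. The constant also deserves a comment, since nothing near it explains the trick: `// Opaque absolute-URL prefix: prepended to relative "media/" hrefs before sanitizing so the URL policy keeps them, stripped again afterwards. Output carrying it is restored verbatim, so it must not be predictable.`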
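Review bot: The new `media/` branch in the pre-processor has no comment saying why a relative link is disguised as an absolute URL, while the neighbouring `javascript:parent.goto` branch at least shows what it swaps; from the new test expectations the effect seems to be that the URL policy then percent-encodes the value (`media/LTT ZUJ …` becomes `media/LTT%20ZUJ%20…`), but the policy itself is outside the hunk, so confirm. Add above the branch: `// Disguise relative "media/" links as absolute URLs under a private host so the URL policy accepts and normalizes them; OpenOLATPostReceiver strips the prefix again.` Note that only `href` is marked here, so the new `<img src="media/IMG 1484.jpg">` test row must be satisfied by the `src` policy on its own. The enclosing `openTag` loop starts before this hunk.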
@@ -333,6 +328,9 @@ public class OpenOLATPolicy {
 && attrs.get(i+1).startsWith("javascript:parent.goto")
 && OLATINTERNALURL.matcher(attrs.get(i + 1)).matches()) {
 attrs.set(i, "href");
+ } else if("href".equals(attr) && i+1 < numOfAttrs
+ && attrs.get(i+1).startsWith(MEDIA_HOST)) {
+ attrs.set(i + 1, attrs.get(i+1).substring(MEDIA_HOST.length()));
 }
 }
 }
@@ -354,7 +352,7 @@ public class OpenOLATPolicy {
 // java.util.function.Predicate.
 // For some reason the default test method implementation that calls
 // through to apply is not assumed here.
- @SuppressWarnings("unused")
+ @Override
 public boolean test(String s) {
 return apply(s);
 }
@@ -387,7 +385,7 @@ public class OpenOLATPolicy {
 // java.util.function.Predicate.
 // For some reason the default test method implementation that calls
 // through to apply is not assumed here.
- @SuppressWarnings("unused")
+ @Override
 public boolean test(String s) {
 return apply(s);
 }
diff --git a/src/main/java/org/olat/modules/webFeed/RSSFeed.java b/src/main/java/org/olat/modules/webFeed/RSSFeed.java
index a91794b13a99a10efbfa674695e786246063c54a..51ffebf3b10154f822480deeb3ee58c13c8b1b36 100644
--- a/src/main/java/org/olat/modules/webFeed/RSSFeed.java
+++ b/src/main/java/org/olat/modules/webFeed/RSSFeed.java
@@ -62,7 +62,7 @@ public class RSSFeed extends SyndFeedImpl {
 setFeedType("rss_2.0");
 setEncoding(PersonalRSSServlet.DEFAULT_ENCODING);
- setTitle(feed.getTitle());
+ setTitle(feed.getTitle() == null ? "-" : feed.getTitle());
 // According to the rss specification, the feed channel description is not
 // (explicitly) allowed to contain html tags.
 String strippedDescription = FilterFactory.getHtmlTagsFilter().filter(feed.getDescription());
diff --git a/src/main/java/org/olat/modules/webFeed/SyndFeedMediaResource.java b/src/main/java/org/olat/modules/webFeed/SyndFeedMediaResource.java
index 6e41d45280878f6f3c64a29e2324b4002415ce12..a48e902644a06fcde0fa9020e76e2fa956066a28 100644
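Review bot: The unwrap in the new `else if` trusts the `MEDIA_HOST` prefix alone — whatever follows it is written back as the href unchecked — so an input that already carries the prefix, such as `http://my<id>localhost:8123/javascript:alert(1)`, which `OFFSITEURL` accepts as an ordinary http URL if that is the href policy in force (the policy is outside the hunk), comes out of the post-processor as `javascript:alert(1)`. That requires the marker to be known, which depends on how `CodeHelper.getForeverUniqueID()` is generated, but this receiver should not rely on the marker staying secret. Only unwrap what the pre-processor can have produced: `&& attrs.get(i+1).startsWith(MEDIA_HOST + "media/")) {` — anything else remains the absolute dead-host URL the sanitizer already approved. The enclosing `openTag` method begins before this hunk.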
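Review bot: `feed.getTitle()` is evaluated twice on the new `setTitle` line; read it once, `String title = feed.getTitle();` followed by `setTitle(title == null ? "-" : title);`. The same null can presumably reach `feed.getDescription()` two lines down, which is passed straight into the HTML-tags filter, so confirm that filter is null-safe or add the same guard. Note the title is still set raw while the description is tag-stripped; RSS 2.0 titles are plain text as well, so if the title is user-editable the same filter looks warranted — confirm against the feed editor. The constructor continues outside this hunk.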
--- a/src/main/java/org/olat/modules/webFeed/SyndFeedMediaResource.java
+++ b/src/main/java/org/olat/modules/webFeed/SyndFeedMediaResource.java
@@ -26,8 +26,10 @@ import java.util.Date;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.logging.log4j.Logger;
 import org.olat.core.commons.services.notifications.PersonalRSSServlet;
 import org.olat.core.gui.media.MediaResource;
+import org.olat.core.logging.Tracing;
 import com.rometools.rome.feed.synd.SyndFeed;
 import com.rometools.rome.io.FeedException;
@@ -42,6 +44,8 @@ import com.rometools.rome.io.SyndFeedOutput;
 * @author gwassmann */
 public class SyndFeedMediaResource implements MediaResource {
+
+ private static final Logger log = Tracing.createLoggerFor(SyndFeedMediaResource.class);
 private SyndFeed feed;
 private String feedString;
@@ -55,7 +59,7 @@ public class SyndFeedMediaResource implements MediaResource {
 SyndFeedOutput output = new SyndFeedOutput();
 feedString = output.outputString(feed);
 } catch (FeedException e) {
- // cannot convert feed to string or something
+ log.error("", e);
 }
 }
diff --git a/src/test/java/org/olat/core/util/filter/impl/XSSFilterParamTest.java b/src/test/java/org/olat/core/util/filter/impl/XSSFilterParamTest.java
index 6bbd766efaf19dc5e6ed00b736899e9106ba4e81..da04872777d86315424f56f20e754bbd06f33f0e 100644
--- a/src/test/java/org/olat/core/util/filter/impl/XSSFilterParamTest.java
+++ b/src/test/java/org/olat/core/util/filter/impl/XSSFilterParamTest.java
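Review bot: `log.error("", e)` in the new catch block logs with an empty message, so the entry shows only a stack trace and nothing identifies which feed failed to serialize; use `log.error("Cannot serialize syndication feed to string", e);` or include the feed's title if it is safe to log. Unlike the removed comment, the line also no longer says that `feedString` is left null on failure, which is what the rest of the class must then cope with — that handling is outside the hunk, so a one-line `// feedString stays null on failure` next to the log call would keep the contract visible. The enclosing method starts before this hunk.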
@@ -185,6 +185,9 @@ public class XSSFilterParamTest {
 "<img src=\"/olat/edusharing/preview?objectUrl=ccrep://OpenOLAT/d5130470-14b4-4ad4-88b7-dfb3ebe943da&version=1.0\" data-es_identifier=\"2083dbe64f00b07232b11608ec0842fc\" data-es_objecturl=\"ccrep://OpenOLAT/d5130470-14b4-4ad4-88b7-dfb3ebe943da\" data-es_version=\"1.0\" data-es_version_current=\"1.0\" data-es_mediatype=\"i23\" data-es_mimetype=\"image/png\" data-es_width=\"1000\" data-es_height=\"446\" data-es_first_edit=\"false\" class=\"edusharing\" alt=\"Bildschirmfoto 2018-11-07 um 16.09.49.png\" title=\"Bildschirmfoto 2018-11-07 um 16.09.49.png\" width=\"1000\" height=\"446\" />" },
 { "<a href=\"javascript:parent.gotonode(100055283652712)\">Test</a>", "<a href=\"javascript:parent.gotonode(100055283652712)\">Test</a>" },
+ { "<a href=\"media/LTT ZUJ SCM 09.09.2019.pdf\">doc</a>", "<a href=\"media/LTT%20ZUJ%20SCM%2009.09.2019.pdf\">doc</a>" },
+ { "<a href=\"media/LTT%20ZUJ%20SCM%2009.09.2019.pdf\">doc</a>", "<a href=\"media/LTT%20ZUJ%20SCM%2009.09.2019.pdf\">doc</a>" },
+ { "<p><img class=\"b_float_left\" src=\"media/IMG 1484.jpg\" width=\"74\" height=\"74\" /></p>", "<p><img class=\"b_float_left\" src=\"media/IMG%201484.jpg\" width=\"74\" height=\"74\" /></p>" },
 { null, "" } // be tolerant
 });
 }
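Review bot: The three new rows only cover the benign round trip of a `media/` href; nothing asserts that the internal absolute-URL marker the policy temporarily prepends to such links can never survive into the output. Add a row whose href the sanitizer has to rewrite beyond space encoding (for instance one containing `&` or `'`) and, more robustly, an assertion in the test body that the filtered output never contains `localhost:8123`, so a change in URL normalization that defeats the prefix check is caught. The expected strings for such rows depend on the sanitizer's attribute encoding, so derive them from the intended relative form rather than copying whatever the filter currently emits.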