Index: spamspan.module
===================================================================
--- spamspan.module	(revision 99)
+++ spamspan.module	(working copy)
@@ -205,7 +205,7 @@
         //replace the = in the headers arrays by ": " to look nicer
         $temp_headers[]= str_replace("=", ": ", $value);
             }
-        $output .= "<span class=\"h\"> (". implode(', ', $temp_headers) .") </span>";
+        $output .= "<span class=\"h\"> (". urldecode(implode(', ', $temp_headers)) .") </span>";
     }
 // if there are tag contents, include them, between round brackets, unless
 // the contents are an email address.  In that case, we can ignore them.  This
@@ -219,7 +219,7 @@
   $output .= "</span>";
   // remove anything except certain inline elements, just in case.  NB nested
   // <a> elements are illegal
-  $output = filter_xss($output, $allowed_tags = array('em', 'strong', 'cite', 'b', 'i', 'code', 'span'));
+  $output = filter_xss($output, $allowed_tags = array('em', 'strong', 'cite', 'b', 'i', 'code', 'span', 'img'));
   return $output;
 }
 
