diff --git a/library/HTMLPurifier/Generator.php b/library/HTMLPurifier/Generator.php
index 457fa905..30b0172a 100644
--- a/library/HTMLPurifier/Generator.php
+++ b/library/HTMLPurifier/Generator.php
@@ -165,7 +165,7 @@ public function generateFromToken($token)
 } elseif ($token instanceof HTMLPurifier_Token_Empty) {
 if ($this->_flashCompat && $token->name == "param" && !empty($this->_flashStack)) {
- $this->_flashStack[count($this->_flashStack)-1]->param[$token->attr['name']] = $token->attr['value'];
+ $this->_flashStack[count($this->_flashStack)-1]->param[$token->attr['name'] ?? ''] = $token->attr['value'] ?? '';
 }
 $attr = $this->generateAttributes($token->attr, $token->name);
 return '<' . $token->name . ($attr ? ' ' : '') . $attr .
@@ -248,10 +248,10 @@ public function generateAttributes($assoc_array_of_attributes, $element = '')
 // don't process user input with innerHTML or you don't plan
 // on supporting Internet Explorer.
 if ($this->_innerHTMLFix) {
- if (strpos($value, '`') !== false) {
+ if (strpos($value ?? '', '`') !== false) {
 // check if correct quoting style would not already be
 // triggered
- if (strcspn($value, '"\' <>') === strlen($value)) {
+ if (strcspn($value ?? '', '"\' <>') === strlen($value ?? '')) {
 // protect!
 $value .= ' ';
 }
@@ -279,7 +279,7 @@ public function escape($string, $quote = null)
 if ($quote === null) {
 $quote = ENT_COMPAT;
 }
- return htmlspecialchars($string, $quote, 'UTF-8');
+ return htmlspecialchars($string ?? '', $quote, 'UTF-8');
 }
 }
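Review bot: A `param` token with no `name` attribute is now recorded under the empty-string key of `->param` (and a missing `value` as `''`) instead of being skipped, so malformed input silently lands in the flash stack. Extending the existing condition with `&& isset($token->attr['name'], $token->attr['value'])` would leave such tokens out. It would also avoid `??`, which needs PHP 7.0 or later; that is worth checking against the library's declared minimum PHP version, since the same operator is added in the generateAttributes and escape hunks. What later reads `->param` is not visible in this hunk, and generateFromToken starts and ends outside it.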
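Review bot: The two `?? ''` guards added on the `strcspn`/`strlen` line look unreachable for a null `$value`, because that line only runs after the outer `strpos` check has found a backtick, which the empty-string fallback can never contain. The inner line could stay as `if (strcspn($value, '"\' <>') === strlen($value)) {`, or `$value` could be normalised once before the outer check so the innerHTML protection works on one known string. generateAttributes starts above the hunk and continues below it, so whether `$value` can be a non-string other than null is not visible here.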
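Review bot: escape() now encodes a null `$string` as an empty string, but nothing on the new return line records that contract or why the guard exists. A comment above it such as `// null is encoded as ''; PHP 8.1 deprecates passing null to htmlspecialchars()` would tell a later maintainer not to remove it. Because this is the generator's output-encoding sink, absorbing null here also hides which caller produced it, so it may be worth tracing those callers separately. The function's docblock and opening lines are outside the hunk, so any existing `@param` description could not be checked.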