--- loncom/interface/loncommon.pm	2014/12/11 01:16:33	1.1202
+++ loncom/interface/loncommon.pm	2014/12/20 15:35:40	1.1203
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # a pile of common routines
 #
-# $Id: loncommon.pm,v 1.1202 2014/12/11 01:16:33 raeburn Exp $
+# $Id: loncommon.pm,v 1.1203 2014/12/20 15:35:40 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -7733,10 +7733,12 @@ function set_wishlistlink(title, path) {
         title = title.replace(/^LON-CAPA /,'');
     }
     title = encodeURIComponent(title);
+    title = title.replace("'","\\\'");
     if (!path) {
         path = location.pathname;
     }
     path = encodeURIComponent(path);
+    path = path.replace("'","\\\'");
     Win = window.open('/adm/wishlist?mode=newLink&setTitle='+title+'&setPath='+path,
                       'wishlistNewLink','width=560,height=350,scrollbars=0');
 }
@@ -7779,6 +7781,7 @@ var modalWindow = {
 };
 	var openMyModal = function(source,width,height,scrolling,transparency,style)
 	{
+                source = source.replace("'","'");
 		modalWindow.windowId = "myModal";
 		modalWindow.width = width;
 		modalWindow.height = height;
@@ -14552,7 +14555,7 @@ sub escape_url {
     my ($url)   = @_;
     my @urlslices = split(/\//, $url,-1);
     my $lastitem = &escape(pop(@urlslices));
-    return join('/',@urlslices).'/'.$lastitem;
+    return &HTML::Entities::encode(join('/',@urlslices),"'").'/'.$lastitem;
 }
 
 sub compare_arrays {