id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux 21731,"django.utils.text.javascript_quote does not escape "" }}} The dynamic text could be: {{{ Action! }}} So the relevant section of the template would be: {{{ $(""#reviews"").append('Action!'); }}} As you can see the javascript code will break because of single quotes inside single quotes. But with javascript_quote, the relevant section of the template would be: {{{$(""#reviews"").append('Action!');}}} So all is well! Well, not really. The javascript_quote only escapes carriage returns and single and double quotes and backslashes. But this is not enough. It needs to escape ""alert(""Manly man loves cute cat"");');}}} The """" (without double quotes) will break the javascript code. It is the closing tag of javascript code in html. In fact, Rails escapes ""