The single quote is no longer being escaped, which of course breaks use of the EscapeTag with Javascript. Given that Javascript is more likely generated than Java code, perhaps EscapeTag should instead call StringEscapeUtils.escapeJavaScript. EscapeTag r1.4 called StringUtils.escape(text), which back then had the effect of escaping for both java and javascript, where a single quote would get escaped. StringUtils.escape was deprecated and methods split out to escape for java or javascript. Note, the comment says it escapes to Java-compatible string, but then gives escaping a single quote as an example, which is no longer done in the util class. Note that escaping for javascript also escapes for java (but the reverse is not true).
Created attachment 13488 [details] Suggested patch (Java to JavaScript in two places)
Applied - thanks for the patch.