diff --git a/code/portal_detail_display.js b/code/portal_detail_display.js
index ed2e3e8d..d1d69220 100644
--- a/code/portal_detail_display.js
+++ b/code/portal_detail_display.js
@@ -49,7 +49,7 @@ window.renderPortalDetails = function(guid) {
 var lng = d.locationE6.lngE6/1E6;
 var perma = '/intel?ll='+lat+','+lng+'&z=17&pll='+lat+','+lng;
 var imgTitle = 'title="'+getPortalDescriptionFromDetails(d)+'\n\nClick to show full image."';
- var poslinks = 'window.showPortalPosLinks('+lat+','+lng+',\'' + d.portalV2.descriptiveText.TITLE + '\')';
+ var poslinks = 'window.showPortalPosLinks('+lat+','+lng+',\''+escapeJavascriptString(d.portalV2.descriptiveText.TITLE)+'\')';
 $('#portaldetails')
 .attr('class', TEAM_TO_CSS[getTeam(d)])
diff --git a/code/utils_misc.js b/code/utils_misc.js
index b7631e22..fc86503d 100644
--- a/code/utils_misc.js
+++ b/code/utils_misc.js
@@ -289,6 +289,12 @@ if (typeof String.prototype.startsWith !== 'function') {
 };
 }
+// escape a javascript string, so quotes and backslashes are escaped with a backslash
+// (for strings passed as parameters to html onclick="..." for example)
+window.escapeJavascriptString = function(str) {
+ return (str+'').replace(/[\\"']/g,'\\$&');
+}
+
 window.prettyEnergy = function(nrg) {
 return nrg> 1000 ? Math.round(nrg/1000) + ' k': nrg;
 }
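Review bot: Escaping the title for a JavaScript string literal does not by itself make `poslinks` safe if it is later placed inside an HTML `onclick="..."` attribute, which the new helper's comment suggests is the intent. The use site is not visible here, because renderPortalDetails continues past this hunk. The HTML parser decodes character references and ends the attribute at a `"` before the script engine sees any backslash, so a portal title (presumably user-influenced data) can still alter the handler. Either HTML-attribute-escape the value after the JS escape, or drop the inline handler and bind it in code, e.g. `$(link).click(function(){ window.showPortalPosLinks(lat, lng, d.portalV2.descriptiveText.TITLE); });` where `link` stands for the element carrying the handler. The `imgTitle` line just above likewise concatenates a description into a `title="..."` attribute and deserves the same check.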
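Review bot: `escapeJavascriptString` leaves line terminators untouched, so a value containing `\n` or `\r` still breaks the quoted literal it is inserted into; chaining `.replace(/\r/g,'\\r').replace(/\n/g,'\\n')` after the existing call would cover that. The comment above the function should state that the result is safe only inside a JavaScript string literal and must also be HTML-escaped when that literal sits in an attribute such as `onclick`, since the helper is global and will be reused. Two smaller points: `(str+'')` turns `null` and `undefined` into the words "null" and "undefined", and the function-expression assignment is missing its terminating `;`.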