--- loncom/interface/lonmodifycourse.pm	2015/05/22 21:08:42	1.77
+++ loncom/interface/lonmodifycourse.pm	2015/06/09 21:22:56	1.78
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # handler for DC-only modifiable course settings
 #
-# $Id: lonmodifycourse.pm,v 1.77 2015/05/22 21:08:42 raeburn Exp $
+# $Id: lonmodifycourse.pm,v 1.78 2015/06/09 21:22:56 damieng Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -1901,6 +1901,8 @@ function hide_searching() {
     } elsif ($phase eq 'setquota') {
         my $invalid = &mt('The quota you entered contained invalid characters.');
         my $alert = &mt('You must enter a number');
+        &js_escape(\$invalid);
+        &js_escape(\$alert);
         my $regexp = '/^\s*(\d+\.?\d*|\.\d+)\s*$/';
         $js .= <<"ENDSCRIPT";
 
@@ -1920,6 +1922,8 @@ ENDSCRIPT
     } elsif ($phase eq 'setanon') {
         my $invalid = &mt('The responder threshold you entered is invalid.');
         my $alert = &mt('You must enter a positive integer.');
+        &js_escape(\$invalid);
+        &js_escape(\$alert);
         my $regexp = ' /^\s*\d+\s*$/';
         $js .= <<"ENDSCRIPT";
 
@@ -1945,6 +1949,9 @@ ENDSCRIPT
         my $invalid = &mt('The choice entered for disabling the submit button is invalid.');
         my $invalidtimeout = &mt('The timeout you entered for disabling the submit button is invalid.');
         my $alert = &mt('Enter one of: a positive integer, 0 (for no timeout), or leave blank to use domain default');
+        &js_escape(\$invalid);
+        &js_escape(\$invalidtimeout);
+        &js_escape(\$alert);
         my $regexp = ' /^\s*\d+\s*$/';
 
         $js .= <<"ENDSCRIPT";