Index: /opt/cafe_2-5-x/chat/chat-tool/tool/src/java/org/sakaiproject/chat2/tool/ChatDelivery.java
===================================================================
--- /opt/cafe_2-5-x/chat/chat-tool/tool/src/java/org/sakaiproject/chat2/tool/ChatDelivery.java	(revision 49780)
+++ /opt/cafe_2-5-x/chat/chat-tool/tool/src/java/org/sakaiproject/chat2/tool/ChatDelivery.java	(working copy)
@@ -23,6 +23,7 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.sakaiproject.chat2.model.ChatMessage;
 import org.sakaiproject.chat2.model.ChatManager;
 import org.sakaiproject.chat2.tool.ChatTool;
@@ -149,7 +150,7 @@
 
          StringBuilder retvalBuf = new StringBuilder();
 			retvalBuf.append( "try { appendMessage('" );
-			retvalBuf.append( sender.getDisplayName() );
+			retvalBuf.append( StringEscapeUtils.escapeJavaScript(sender.getDisplayName()) );
 			retvalBuf.append( "', '" );
 			retvalBuf.append( sender.getId() );
 			retvalBuf.append( "', '" );
@@ -161,7 +162,7 @@
 			retvalBuf.append( "', '" );
 			retvalBuf.append( messageTime.toString() );
 			retvalBuf.append( "', '" );
-			retvalBuf.append( msgbody );
+			retvalBuf.append( StringEscapeUtils.escapeJavaScript(msgbody) );
 			retvalBuf.append( "','" );
 			retvalBuf.append( message.getId() );
 			retvalBuf.append( "'); } catch (error) {alert(error);} " );