Potential issue fix

src/main/java/org/primefaces/util/ComponentUtils.java

@@ -425,6 +425,37 @@ public static String escapeText(String text) {
 
         return sb.toString();
     }
+
+    public static String escapeEcmaScriptText(String text) {
+        if(text == null) {
+            return null;
+        }
+
+        StringBuilder sb = SharedStringBuilder.get(SB_ESCAPE_TEXT);
+
+        for (int i = 0; i < text.length(); i++) {
+            char ch = text.charAt(i);
+            switch (ch) {
+                case '"':
+                    sb.append("\\\"");
+                    break;
+                case '\'':
+                    sb.append("\\'");
+                    break;
+                case '\\':
+                    sb.append("\\\\");
+                    break;
+                case '/':
+                    sb.append("\\/");
+                    break;
+                default:
+                    sb.append(ch);
+                    break;
+            }
+        }
+
+        return sb.toString();
+    }
 
     /**
      * Replace special characters with XML escapes:

src/main/java/org/primefaces/util/WidgetBuilder.java

@@ -100,7 +100,7 @@ public WidgetBuilder attr(String name, String value) throws IOException {
             context.getResponseWriter().write(",");
             context.getResponseWriter().write(name);
             context.getResponseWriter().write(":\"");
-        	context.getResponseWriter().write(value);
+        	context.getResponseWriter().write(ComponentUtils.escapeEcmaScriptText(value));
             context.getResponseWriter().write("\"");
         }
 
@@ -156,7 +156,7 @@ public WidgetBuilder attr(String name, String value, String defaultValue) throws
             context.getResponseWriter().write(",");
 	        context.getResponseWriter().write(name);
 	        context.getResponseWriter().write(":\"");
-	        context.getResponseWriter().write(value);
+	        context.getResponseWriter().write(ComponentUtils.escapeEcmaScriptText(value));
 	        context.getResponseWriter().write("\"");
         }
 

src/test/java/org/primefaces/mock/FacesContextMock.java

@@ -59,6 +59,13 @@ public FacesContextMock(Map<Object, Object> attributes) {
             this();
             this.attributes = attributes;
 	}
+
+    public FacesContextMock(ResponseWriter writer, Map<Object, Object> attributes) {
+		this.writer = writer;
+        this.attributes = attributes;
+
+		setCurrentInstance(this);
+	}
 
 	@Override
     public Map<Object, Object> getAttributes() {

src/test/java/org/primefaces/util/WidgetBuilderTest.java

@@ -17,6 +17,7 @@
 
 import org.primefaces.mock.CollectingResponseWriter;
 import java.io.IOException;
+import java.util.HashMap;
 
 import org.junit.Test;
 import org.primefaces.mock.FacesContextMock;
@@ -68,7 +69,7 @@ public void initWithComponentLoad() throws IOException {
     public void shouldBuildWithAttributes() throws IOException {
     	CollectingResponseWriter writer = new CollectingResponseWriter();
 
-    	WidgetBuilder builder = new WidgetBuilder(new FacesContextMock(writer));
+    	WidgetBuilder builder = new WidgetBuilder(new FacesContextMock(writer, new HashMap<Object, Object>()));
         builder.initWithDomReady("DataTable", "dt", "dt1");
         builder.attr("selectionMode", "single", null);
         builder.attr("lazy", true, false);
@@ -85,7 +86,7 @@ public void shouldBuildWithAttributes() throws IOException {
     public void shouldBuildWithCallbacks() throws IOException {
     	CollectingResponseWriter writer = new CollectingResponseWriter();
 
-        WidgetBuilder builder = new WidgetBuilder(new FacesContextMock(writer));
+        WidgetBuilder builder = new WidgetBuilder(new FacesContextMock(writer, new HashMap<Object, Object>()));
         builder.init("DataTable", "dt", "dt1");
         builder.attr("selectionMode", "single", null);
         builder.attr("lazy", true, false);