diff -ru TYPO3core/t3lib/class.t3lib_div.php TYPO3core.utfjs/t3lib/class.t3lib_div.php --- TYPO3core/t3lib/class.t3lib_div.php 2005-10-04 13:58:14.000000000 +0200 +++ TYPO3core.utfjs/t3lib/class.t3lib_div.php 2005-10-22 18:12:41.922450248 +0200 @@ -3881,6 +3881,16 @@ return $paramsArr; } + + function quoteJSvalue($value, $inScriptTags = false) { + $value = addcslashes($value, '\''.chr(10).chr(13)); + if (!$inScriptTags) { + $value = htmlspecialchars($value); + } + return '\''.$value.'\''; + } + + } ?> \ No newline at end of file diff -ru TYPO3core/t3lib/class.t3lib_tsfebeuserauth.php TYPO3core.utfjs/t3lib/class.t3lib_tsfebeuserauth.php --- TYPO3core/t3lib/class.t3lib_tsfebeuserauth.php 2005-06-20 00:48:48.000000000 +0200 +++ TYPO3core.utfjs/t3lib/class.t3lib_tsfebeuserauth.php 2005-10-22 19:49:29.268925576 +0200 @@ -879,14 +879,13 @@ #include('./'.TYPO3_mainDir.'sysext/lang/locallang_tsfe.php'); if (!is_array($LOCAL_LANG)) $LOCAL_LANG=array(); } - - $labelStr = htmlspecialchars($GLOBALS['LANG']->getLL($key)); // Label string in the default backend output charset. - + // Convert to utf-8, then to entities: if ($GLOBALS['LANG']->charSet!='utf-8') { - $labelStr = $GLOBALS['LANG']->csConvObj->utf8_encode($labelStr,$GLOBALS['LANG']->charSet); + $labelStr = $GLOBALS['LANG']->csConvObj->utf8_encode($GLOBALS['LANG']->getLL($key), $GLOBALS['LANG']->charSet); } - $labelStr = $GLOBALS['LANG']->csConvObj->utf8_to_entities($labelStr); + + $labelStr = htmlspecialchars($GLOBALS['LANG']->getLL($key)); // Label string in the default backend output charset. // Return the result: return $labelStr; diff -ru TYPO3core/t3lib/jsfunc.menu.js TYPO3core.utfjs/t3lib/jsfunc.menu.js --- TYPO3core/t3lib/jsfunc.menu.js 2005-10-21 16:53:56.201678720 +0200 +++ TYPO3core.utfjs/t3lib/jsfunc.menu.js 2005-10-22 18:43:20.576103584 +0200 
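Review bot: The escape list in `quoteJSvalue()` covers the single quote, LF and CR but not the backslash, so a backslash already present in `$value` passes through unchanged. It can then pair with the backslash that `addcslashes()` puts in front of a quote, or swallow the closing quote when it is the last character. The result is no longer one well-formed JavaScript string literal, which defeats the helper for every caller added in class.tslib_content.php. Add the backslash to the list, `$value = addcslashes($value, '\\'.'\''.chr(10).chr(13));`. The method should also get a docblock stating what `$inScriptTags` means and that the return value already includes the surrounding quotes.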
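Review bot: The new unconditional `$labelStr = htmlspecialchars($GLOBALS['LANG']->getLL($key));` at the end overwrites whatever the `charSet!='utf-8'` branch assigned, so the `utf8_encode()` call is dead code and the label is returned in the backend charset. The kept comment `// Convert to utf-8, then to entities:` no longer describes the code either, since `utf8_to_entities()` is removed. If UTF-8 output is intended, read the label once with `$labelStr = $GLOBALS['LANG']->getLL($key);`, convert `$labelStr` inside the branch, and finish with `$labelStr = htmlspecialchars($labelStr);`; otherwise drop the branch and the comment. The enclosing function starts and ends outside the hunk.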
@@ -52,7 +52,7 @@ function JSmenuAddItem (parent,prevItem,openID,title,url,target) { this.count++; var entryID = this.count; - this.entry[entryID] = new JSmenuItem (this, entryID, 0, parent, openID, unescape(title), unescape(url), target); + this.entry[entryID] = new JSmenuItem (this, entryID, 0, parent, openID, title, url, target); if (prevItem) { this.entry[prevItem].nextItem = entryID; } else if(parent) { diff -ru TYPO3core/typo3/sysext/cms/tslib/class.tslib_content.php TYPO3core.utfjs/typo3/sysext/cms/tslib/class.tslib_content.php --- TYPO3core/typo3/sysext/cms/tslib/class.tslib_content.php 2005-10-07 14:16:21.000000000 +0200 +++ TYPO3core.utfjs/typo3/sysext/cms/tslib/class.tslib_content.php 2005-10-22 19:47:30.798935752 +0200 @@ -1971,7 +1971,7 @@ $hiddenfields = '
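Review bot: With `unescape()` removed from `title` and `url`, `JSmenuAddItem` now relies on its callers to pass ready-to-use strings, but no code that generates these calls is changed in this patch. A producer that still URL-encodes the two arguments will show percent-encoded text, and a producer that stops encoding has to emit them as properly quoted JavaScript literals instead; the `t3lib_div::quoteJSvalue()` helper added in this patch looks intended for that. A comment above the constructor call such as `// title and url arrive as plain strings, already quoted by the generator; no unescape() here` would record the new contract. The function body continues outside the hunk.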
'.$hiddenfields.'
'; if ($conf['REQ']) { - $validateForm=' onsubmit="return validateForm(\''.$formname.'\',\''.implode(',',$fieldlist).'\',\''.rawurlencode($conf['goodMess']).'\',\''.rawurlencode($conf['badMess']).'\',\''.rawurlencode($conf['emailMess']).'\')"'; + $validateForm=' onsubmit="return validateForm(\''.$formname.'\',\''.implode(',',$fieldlist).'\','.t3lib_div::quoteJSvalue($conf['goodMess']).','.t3lib_div::quoteJSvalue($conf['badMess']).','.t3lib_div::quoteJSvalue($conf['emailMess']).')"'; $GLOBALS['TSFE']->additionalHeaderData['JSFormValidate'] = ''; } else $validateForm=''; @@ -5812,12 +5812,12 @@ reset($value); while(list(,$Nvalue)=each($value)) { $JSPart.=" - updateForm('".$formName."','".$arrPrefix."[".$fKey."][]',unescape('".rawurlencode($Nvalue)."'))"; + updateForm('".$formName."','".$arrPrefix."[".$fKey."][]',".t3lib_div::quoteJSvalue($Nvalue, true).")"; } } else { $JSPart.=" - updateForm('".$formName."','".$arrPrefix."[".$fKey."]',unescape('".rawurlencode($value)."'))"; + updateForm('".$formName."','".$arrPrefix."[".$fKey."]',".t3lib_div::quoteJSvalue($value, true).")"; } } $JSPart='
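Review bot: Only the three messages go through `t3lib_div::quoteJSvalue()`; `$formname` and `implode(',',$fieldlist)` are still concatenated between hand-written `\'` quotes inside the `onsubmit` attribute, with neither JavaScript nor HTML escaping. Whether those values can contain quotes is not visible here, but quoting them the same way removes the question: `t3lib_div::quoteJSvalue($formname).','.t3lib_div::quoteJSvalue(implode(',',$fieldlist))`. The same applies to `$formName`, `$arrPrefix` and `$fKey` in the `updateForm(...)` lines of the later hunk at -5812. The JavaScript `validateForm()` presumably unescaped its message arguments before and would need to stop doing so; that file is not part of this patch.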
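Review bot: Passing `true` as `$inScriptTags` skips `htmlspecialchars()`, and the escape list in `quoteJSvalue()` leaves `<` and `/` alone, so a value containing a closing script tag would end the surrounding script block before the JavaScript string is parsed. The old `rawurlencode()` form could not do that. `$Nvalue` and `$value` look like submitted form data being written back into the page, though their origin is outside the hunk. For the script-block case the helper should also escape the slash, e.g. `addcslashes($value, '\\'.'\''.'/'.chr(10).chr(13))`, which turns the sequence into `<\/script>`.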