Roll query prompt breaks when using a single quote

Reproduction Path: ?{Saving Throw|Strength, stre'ngth|Dexterity, dext'erity} Select one of the options and the output becomes "stre" or "dext". Should be all browsers - I tested on Chrome 44. Real case: Custom skill names in 5e often have single quotes. "Navigator's Tools", "Thieves' Tools", etc. So using a single quote in their name breaks my cool skill query macro.

Like the other ways it breaks, you can work around it using an html entity, ' in this case.  Commas are also a problem (,) as are vertical bars (|) though I think that one is listed in one of the other threads. Come to think of it, I haven't tried quotation marks yet though I'd expect issues with them also, if only because the single quote breaks it.

Diana P said: Like the other ways it breaks, you can work around it using an html entity, ' in this case.  Commas are also a problem (,) as are vertical bars (|) though I think that one is listed in one of the other threads. I cannot in this case as the custom skill's name is controlled by the user - else I could indeed imploy the same workaround.

Mark, you're running afoul of our sanitization. Unfortunately there isn't an easy solution, since we're letting you create values for html elements and we can't take chances with data we're passing through.

Steve K. said: Mark, you're running afoul of our sanitization. Unfortunately there isn't an easy solution, since we're letting you create values for html elements and we can't take chances with data we're passing through. Couldn't you  escape it ? That should get rid of all the problems. For example: escape("'"); "%27" Obviously it likely isn't this simple of a change I'm sure - it would likely require more work to fit in your sanitization, but it should be possible. Otherwise query can't work in many cases. :( Any weird names (think drow, orcs, or trolls) would be a common case as well.

Alright, we put in support for apostrophies in values.

Looks to be working! Thank you so so much! :)