Translations:Cross-site scripting/26/en

Always use the ENT_QUOTES flag, which converts both double and single quotes. Unfortunately, PHP has "escape only single quotes" as its default.
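
The following is an added example, not code from the original page. It shows the effect of the flag on a value placed inside a single-quoted attribute. The helper name `esc_attr` and the sample input are assumptions made for illustration, and the flags are passed explicitly so the result does not depend on the default of the PHP version in use.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the page): escape a value for use
// inside an HTML attribute, always with ENT_QUOTES.
function esc_attr(string $value): string
{
    // ENT_QUOTES converts both " and '.
    // ENT_SUBSTITUTE replaces invalid byte sequences instead of
    // making the function return an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input containing single quotes.
$name = "O'Brien' data-injected='1";

// ENT_COMPAT converts double quotes only, so the single quotes pass
// through and the value ends the single-quoted attribute early,
// letting the rest be parsed as an extra attribute.
$weak = "<input value='" . htmlspecialchars($name, ENT_COMPAT, 'UTF-8') . "'>";

// With ENT_QUOTES each ' becomes &#039;, so the whole value stays
// inside the attribute whichever quote style the template uses.
$safe = "<input value='" . esc_attr($name) . "'>";

echo $weak, PHP_EOL;
echo $safe, PHP_EOL;
```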