diff --git a/src/main/webapp/resources/js/downtime-report.js b/src/main/webapp/resources/js/downtime-report.js
index 31ad851..6329d64 100644
--- a/src/main/webapp/resources/js/downtime-report.js
+++ b/src/main/webapp/resources/js/downtime-report.js
@@ -260,7 +260,7 @@ jlab.doParetoChart = function () {
 
         if (href) {
             $(this).text("");
-            $(this).append('<a href="' + href + '" title="' + title + '">' + label + '</a>');
+            $(this).append('<a href="' + String(href).encodeXml() + '" title="' + String(title).encodeXml() + '">' + String(label).encodeXml() + '</a>');
         }
     });
 
@@ -353,7 +353,7 @@ jlab.doRowChart = function () {
 
         if (href) {
             $(this).text("");
-            $(this).append('<a href="' + href + '" title="' + title + '">' + label + '</a>');
+            $(this).append('<a href="' + String(href).encodeXml() + '" title="' + String(title).encodeXml() + '">' + String(label).encodeXml() + '</a>');
         }
     });
 };
@@ -475,7 +475,7 @@ jlab.doPieChart = function () {
 
         if (href) {
             $(this).text("");
-            $(this).append('<a href="' + href + '" title="' + title + '">' + label + '</a> ' + extra);
+            $(this).append('<a href="' + String(href).encodeXml() + '" title="' + String(title).encodeXml() + '">' + String(label).encodeXml() + '</a> ' + String(extra).encodeXml());
         } else {
             $(this).text(label + " " + extra);
         }
diff --git a/src/main/webapp/resources/js/dtm.js b/src/main/webapp/resources/js/dtm.js
index 0eed4df..4d278a9 100644
--- a/src/main/webapp/resources/js/dtm.js
+++ b/src/main/webapp/resources/js/dtm.js
@@ -18,7 +18,7 @@ jlab.uploadRARFile = function(incidentId, form) {
 
     promise.done(function(data){
         $("#rar-link").empty();
-        $("#rar-link").append('<a href="' + jlab.contextPath + jlab.rarLink + incidentId + '">RAR Document</a>');
+        $("#rar-link").append('<a href="' + String(jlab.contextPath + jlab.rarLink + incidentId).encodeXml() + '">RAR Document</a>');
     });
 
     promise.fail(function(xhr, textStatus){
@@ -152,7 +152,7 @@ jlab.filterSystemListByCategory = function (categoryId, systemSelectSelector, ap
                 $select.append('<option></option>');
             }
             $(data.optionList).each(function () {
-                $select.append('<option value="' + this.value + '">' + this.name + '</option>');
+                $select.append('<option value="' + String(this.value).encodeXml() + '">' + String(this.name).encodeXml() + '</option>');
             });
             if (!keephidden) {
                 $select.slideDown();
diff --git a/src/main/webapp/resources/js/event-list.js b/src/main/webapp/resources/js/event-list.js
index d1a4155..1c1dd49 100644
--- a/src/main/webapp/resources/js/event-list.js
+++ b/src/main/webapp/resources/js/event-list.js
@@ -389,7 +389,7 @@ jlab.dtm.prepareIncidentFormForEdit = function (skipSystemListLoad) {
 
     if (skipSystemListLoad === true) {
         $("#system").empty();
-        $("#system").append('<option selected="selected" value="' + systemId + '"> </option>');
+        $("#system").append('<option selected="selected" value="' + String(systemId).encodeXml() + '"> </option>');
     } else {
         jlab.dtm.filterSystemSelect(systemId);
     }
@@ -595,7 +595,7 @@ jlab.dtm.filterSystemSelect = function (setToSystemId) {
             $("#system").empty();
             $("#system").append('<option value=""> </option>');
             $(json.data).each(function () {
-                $("#system").append('<option value="' + this.id + '">' + this.name + '</option>');
+                $("#system").append('<option value="' + String(this.id).encodeXml() + '">' + String(this.name).encodeXml() + '</option>');
             });
             if (json.data.length === 1) {
                 $("#system").val(json.data[0].id);
@@ -881,13 +881,13 @@ $(document).on("click", ".open-edit-expert-review-dialog-button", function () {
     var experts = expertReviewerTsv.split("\t");
     
     for(var e of experts) {
-        $("#edit-expert-reviewers").append("<div>" + e + "</div>");
+        $("#edit-expert-reviewers").append("<div>" + String(e).encodeXml() + "</div>");
     }    
     
     $("#rar-link").empty();    
     
     if(rarExt !== '') {
-        $("#rar-link").append('<a href="' + jlab.contextPath + jlab.rarLink + incidentId + '">RAR Document</a>');
+        $("#rar-link").append('<a href="' + String(jlab.contextPath + jlab.rarLink + incidentId).encodeXml() + '">RAR Document</a>');
     }    
 
     var $acknowledgedKey = $("#acknowledged-key"); 
@@ -1000,7 +1000,7 @@ $(document).on("click", ".explanation-link", function () {
     $(".resolution-handle").remove();
 
     var explanation = $(this).attr("data-explanation");
-    $(this).append('<div class="explanation-handle"><div class="explanation-panel"><button class="close-bubble">X</button><div><h4>Explanation:</h4><div class="explanation-content">' + explanation + '</div></div></div></div>');
+    $(this).append('<div class="explanation-handle"><div class="explanation-panel"><button class="close-bubble">X</button><div><h4>Explanation:</h4><div class="explanation-content">' + String(explanation).encodeXml() + '</div></div></div></div>');
     return false;
 });
 $(document).on("click", ".review-link", function () {
@@ -1028,13 +1028,13 @@ $(document).on("click", ".review-link", function () {
     var experts = expertReviewerTsv.split("\t");
     
     for(var e of experts) {
-        $("#review-dialog-sys-reviewer").append("<div>" + e + "</div>");
+        $("#review-dialog-sys-reviewer").append("<div>" + String(e).encodeXml() + "</div>");
     }
     
     $("#review-dialog-rar-link").empty();    
     
     if(rarExt !== '') {
-        $("#review-dialog-rar-link").append('<a href="' + jlab.contextPath + jlab.rarLink + incidentId + '">RAR Document</a>');
+        $("#review-dialog-rar-link").append('<a href="' + String(jlab.contextPath + jlab.rarLink + incidentId).encodeXml() + '">RAR Document</a>');
     }
 
     $("#review-dialog").dialog("open");
diff --git a/src/main/webapp/resources/js/monthly-repair.js b/src/main/webapp/resources/js/monthly-repair.js
index 4b8b942..b17b5d2 100644
--- a/src/main/webapp/resources/js/monthly-repair.js
+++ b/src/main/webapp/resources/js/monthly-repair.js
@@ -30,7 +30,7 @@ jlab.getDataSource = function (bar) {
                 /*yvalue = parseFloat($("td." + jlab.flotSourceColumnClass, value).text().replace(/,/g, '')),*/
                 duration = parseFloat($("td:nth-child(3)", value).text().replace(/,/g, '')),
                 grouping = $("td:first-child", value).text(),
-                id = $("td:first-child", value).attr("data-id"),
+                id = parseInt($("td:first-child", value).attr("data-id")),
                 series = dataMap[grouping] || {};
 
         nameToIdMap[grouping] = id;
@@ -231,7 +231,7 @@ jlab.getDataSource = function (bar) {
             }
 
             if (includeCount) {
-                rowStr = rowStr + '<td>' + countMap[groupingNames[i]] + '</td>';
+                rowStr = rowStr + '<td>' + String(countMap[groupingNames[i]]).encodeXml() + '</td>';
             }
             if (includeRate) {
                 rowStr = rowStr + '<td>' + tripPerHourMap[groupingNames[i]].toFixed(1) + '</td>';
diff --git a/src/main/webapp/resources/js/run-compare.js b/src/main/webapp/resources/js/run-compare.js
index 95276f5..10e7662 100644
--- a/src/main/webapp/resources/js/run-compare.js
+++ b/src/main/webapp/resources/js/run-compare.js
@@ -118,7 +118,7 @@ $(document).on("click", "#add-selected-run-button", function(){
         return;
     }
 
-    $("#run-list").append('<li>' + label  + '<input type="hidden" name="label" value="' + label + '"/><input type="hidden" name="start" value="' + start + '"/><input type="hidden" name="end" value="' + end + '"/> <button type="button">X</button></li>');
+    $("#run-list").append('<li>' + String(label).encodeXml()  + '<input type="hidden" name="label" value="' + String(label).encodeXml() + '"/><input type="hidden" name="start" value="' + String(start).encodeXml() + '"/><input type="hidden" name="end" value="' + String(end).encodeXml() + '"/> <button type="button">X</button></li>');
     $("#add-run-dialog").dialog("close");
 });
 
diff --git a/src/main/webapp/resources/js/subsystem-expert.js b/src/main/webapp/resources/js/subsystem-expert.js
index cc676dd..df52bfa 100644
--- a/src/main/webapp/resources/js/subsystem-expert.js
+++ b/src/main/webapp/resources/js/subsystem-expert.js
@@ -62,7 +62,7 @@ jlab.dtm.deleteRow = function () {
 };
 
 jlab.dtm.addRow = function (expertId, username, first, last) {
-    var $row = ("<tr data-expert-id=\"" + expertId + "\"><td>" + last + ", " + first + " (" + username + ")</td></tr>");
+    var $row = ("<tr data-expert-id=\"" + String(expertId).encodeXml() + "\"><td>" + String(last).encodeXml() + ", " + String(first).encodeXml() + " (" + String(username).encodeXml() + ")</td></tr>");
     $("#expert-table tbody").append($row);
 };
 
diff --git a/src/main/webapp/resources/js/weekly-repair.js b/src/main/webapp/resources/js/weekly-repair.js
index 6b1a85c..2b0b6c6 100644
--- a/src/main/webapp/resources/js/weekly-repair.js
+++ b/src/main/webapp/resources/js/weekly-repair.js
@@ -29,7 +29,7 @@ jlab.prepareIncidentFormForEdit = function(skipSystemListLoad) {
 
     if (skipSystemListLoad === true) {
         $("#system").empty();
-        $("#system").append('<option selected="selected" value="' + systemId + '"> </option>');
+        $("#system").append('<option selected="selected" value="' + String(systemId).encodeXml() + '"> </option>');
     } else {
         jlab.dtm.filterSystemSelect(systemId);
     }