diff --git a/ChangeLog b/ChangeLog
index bb899baab..7f39eff89 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,8 @@ $Source$
     * Documentation.html: updated style config option descriptions
     * libraries/common.lib.php: added PMA_escapeJsString() to escape strings for
       JavaScript inside CDATA blocks
+    * libraries/footer.inc.php: correctly escape strings inside JavaScript
+      (part of bug #1532721)
 
 2006-08-01 Marc Delisle  <lem9@users.sourceforge.net>
     * Documentation.html: patch #1532493 + light editing from me,
diff --git a/libraries/footer.inc.php b/libraries/footer.inc.php
index 09e28efb0..285da4c56 100644
--- a/libraries/footer.inc.php
+++ b/libraries/footer.inc.php
@@ -25,7 +25,12 @@ if (! isset($GLOBALS['no_history']) && isset($GLOBALS['db'])
     $table = isset($GLOBALS['table']) ? $GLOBALS['table'] : ''; ?>
 // updates current settings
 if (window.parent.setAll) {
-    window.parent.setAll('<?php echo $GLOBALS['lang']; ?>', '<?php echo htmlspecialchars($GLOBALS['collation_connection']); ?>', '<?php echo $GLOBALS['server']; ?>', '<?php echo htmlspecialchars($GLOBALS['db']); ?>', '<?php echo htmlspecialchars($table); ?>');
+    window.parent.setAll('<?php
+        echo PMA_escapeJsString($GLOBALS['lang']) . "', '";
+        echo PMA_escapeJsString($GLOBALS['collation_connection']) . "', '";
+        echo PMA_escapeJsString($GLOBALS['server']) . "', '";
+        echo PMA_escapeJsString($GLOBALS['db']) . "', '";
+        echo PMA_escapeJsString($table); ?>');
 }
 <?php } ?>
 
@@ -54,9 +59,9 @@ if (! isset($GLOBALS['no_history']) && empty($GLOBALS['error_message'])) {
 // set current db, table and sql query in the querywindow
 if (window.parent.refreshNavigation) {
     window.parent.reload_querywindow(
-        "<?php echo isset($GLOBALS['db']) ? htmlspecialchars(addslashes($GLOBALS['db'])) : '' ?>",
-        "<?php echo isset($GLOBALS['table']) ? htmlspecialchars(addslashes($GLOBALS['table'])) : '' ?>",
-        "<?php echo isset($GLOBALS['sql_query']) ? htmlspecialchars(urlencode($GLOBALS['sql_query'])) : ''; ?>");
+        '<?php echo isset($GLOBALS['db']) ? PMA_escapeJsString($GLOBALS['db']) : '' ?>',
+        '<?php echo isset($GLOBALS['table']) ? PMA_escapeJsString($GLOBALS['table']) : '' ?>',
+        '<?php echo isset($GLOBALS['sql_query']) ? PMA_escapeJsString($GLOBALS['sql_query']) : ''; ?>');
 }
 <?php } ?>