diff --git a/api/src/main/java/org/openmrs/ui/framework/UiUtils.java b/api/src/main/java/org/openmrs/ui/framework/UiUtils.java
index c1b77b5..ec1fa5d 100644
--- a/api/src/main/java/org/openmrs/ui/framework/UiUtils.java
+++ b/api/src/main/java/org/openmrs/ui/framework/UiUtils.java
@@ -477,9 +477,12 @@ public String escapeJs(String input) {
 if (input == null) {
 return null;
 }
- input = input.replaceAll("\n", "\\\\n");
- input = input.replaceAll("'", "\\\\'");
- input = input.replaceAll("\"", "\\\\\"");
+
+ input = input.replace("\\", "\\\\");
+ input = input.replace("\n", "\\n");
+ input = input.replace("\r", "\\r");
+ input = input.replace("'", "\\'");
+ input = input.replace("\"", "\\\"");
 return input;
 }
@@ -683,11 +686,9 @@ public String getClientTimezone() {
 public void setClientTimezone(String clientTimezone) {
 try {
 Context.addProxyPrivilege(PrivilegeConstants.EDIT_USERS);
- String propertyName = Context.getAdministrationService()
- .getGlobalProperty(UiFrameworkConstants.UP_CLIENT_TIMEZONE);
+ .getGlobalProperty(UiFrameworkConstants.UP_CLIENT_TIMEZONE);
 String currentClientTimezone = Context.getAuthenticatedUser().getUserProperty(propertyName);
-
 if (currentClientTimezone == null || !currentClientTimezone.equals(clientTimezone)) {
 Context.getUserService().setUserProperty(Context.getAuthenticatedUser(), propertyName, clientTimezone);
 }
diff --git a/api/src/test/java/org/openmrs/ui/framework/UiUtilsTest.java b/api/src/test/java/org/openmrs/ui/framework/UiUtilsTest.java
index f15287c..12d5728 100644
--- a/api/src/test/java/org/openmrs/ui/framework/UiUtilsTest.java
+++ b/api/src/test/java/org/openmrs/ui/framework/UiUtilsTest.java
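Review bot: The rewritten escapeJs still passes `/` and the JavaScript line terminators U+2028/U+2029 through unchanged, so a value containing `</script>` can terminate an inline script block, and in engines that predate ES2019 a raw U+2028 ends the string literal early; after the `\r` line I would add `input = input.replace("/", "\\/");` and `input = input.replace("\u2028", "\\u2028").replace("\u2029", "\\u2029");`. The backslash replacement has to stay the first step because every later step emits new backslashes that must not be re-escaped, and nothing in the method says so — a comment such as `// escape backslashes first: the replacements below introduce backslashes that must not be escaped again` would protect that ordering from a future reorder. The Javadoc (outside the hunk, if present) should also state that this only makes a value safe inside a quoted JS string literal, not in HTML attributes or unquoted JS contexts. escapeJs's signature sits in the hunk header rather than in the hunk lines.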
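Review bot: As rendered, the new side of the setClientTimezone hunk keeps only the `.getGlobalProperty(UiFrameworkConstants.UP_CLIENT_TIMEZONE);` continuation after the `addProxyPrivilege` call, while the `String propertyName = Context.getAdministrationService()` line is removed and not re-added, yet `propertyName` is still used two lines below; this looks like a rendering artefact of a whitespace-only re-indent, but please confirm the merged line reads `String propertyName = Context.getAdministrationService().getGlobalProperty(UiFrameworkConstants.UP_CLIENT_TIMEZONE);`. Separately, `clientTimezone` (presumably client-supplied, given the name) is persisted as a user property under a proxied EDIT_USERS privilege with no validation; a guard such as `ZoneId.of(clientTimezone)` before the `setUserProperty` call, rejecting on `DateTimeException`, would keep arbitrary strings out of the user record. The `try` opened here closes outside the hunk, so I cannot see whether the proxy privilege is released in a `finally`; it should be.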
@@ -122,4 +122,26 @@ public void urlBind_shouldProperlyBindPatientAndVisit() {
 }
+ @Test
+ public void escapeJs_shouldEscapeBackslash() {
+ Assert.assertEquals("Foo \\\\", ui.escapeJs("Foo \\"));
+ }
+
+ @Test
+ public void escapeJs_shouldPreventXSSViaBackslashInjection() {
+ String input = "Foo \\\"}];alert(0);[// Bar";
+ String expected = "Foo \\\\\\\"}];alert(0);[// Bar";
+ Assert.assertEquals(expected, ui.escapeJs(input));
+ }
+
+ @Test
+ public void escapeJs_shouldEscapeDoubleQuote() {
+ Assert.assertEquals("say \\\"hi\\\"", ui.escapeJs("say \"hi\""));
+ }
+
+ @Test
+ public void escapeJs_shouldReturnNullForNullInput() {
+ Assert.assertNull(ui.escapeJs(null));
+ }
+
 }
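Review bot: The new tests cover backslash, double quote and null, but none of them exercises the `\n`, `\r` or `'` replacements that the same commit rewrote in escapeJs, so a regression in those lines (for example reverting to the regex-based `replaceAll`) would go unnoticed; a single added test would close that gap: `Assert.assertEquals("a\\nb\\rc\\'d", ui.escapeJs("a\nb\rc'd"));`. It is also worth a test that the backslash step is not applied twice, e.g. `Assert.assertEquals("\\\\\\\"", ui.escapeJs("\\\""));`, since that ordering is the core of the XSS fix. The enclosing test class ends inside this hunk; its header and the `ui` fixture are outside it.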