Heya.
I noticed the bug yesterday when trying to fix the access permissions for Testers.
I also spotted the reason why it failed to work, as fixed by Pete.
There isn't much of a solution to this... It's possible to 'simply' have JavaScriptEscape escape double quotes as well, but generally I'd tend to avoid anything that adds extra bytes to the page when not strictly necessary... It all comes down to this: if you're calling a complex function right inside an onclick event, you might as well try and not have double quotes inside it... It kinda makes sense. onclick="alert("hello")" will never validate, will never execute, and Wedge can try as hard as it can, it won't be able to save it either...
All in all: I made a small mistake while rewriting the alert() call, but that's because I was doing that on dozens of calls, and I was way too tired for the job. (See how I made multiple commits to fix bugs I'd just introduced...)
So, no, it's not an issue for the future. It's something that's been there for two years and that's here to stay. ;) We just need to determine whether we hardcode " into the language strings (not what I'd recommend), or add a param to JSE to have it convert double quotes as well...