Problem is that the def_xml_transform method assumes output is to html, and generates an entity for each literal apostrophe in the data. If the output is in fact to a javascript string, then the ampersand in the entity is escaped to an ampersande entity leaving the hash, numeric value and semicolon as literal characters which appear in the javascript popup.
I had tracked this down and Mike Elkink suggested the easiest way to solve the problem.
To solve the problem, we have to add a new parameter to the def_xml_transform method with a default value of true and then in the call from the ajax_search set the value of that parameter to false.
in xmldb.php:
function def_xml_transform($xml, $stylesheet, $params = false)
becomes
function def_xml_transform($xml, $stylesheet, $params = false, $asHTML = true)
and
return $xml_result->saveHTML();
becomes
if ($asHTML) {
return $xml_result->saveHTML();
}
else {
return $xml_result;
}
in ajax_search.php
$xml_result = def_xml_transform('<root>' . $xml_result . '</root>', '../xslt/ajax_search.xsl');
becomes
$xml_result = def_xml_transform('<root>' . $xml_result . '</root>', '../xslt/ajax_search.xsl','false','false');
[not sure about the apostrophe delimiters around the two instances of false in that last line]