If a project has a double-quote in its name, it's not xml-escaped when used in "title" attribute. For example, if we have a project named 14" monitors, the html will look like:
<select name="pid" ....> <option title="14" monitors" value="10000" >14" monitors</option>
This causes JIRA Client to hiccup on this page and lose a lot of functionality. On web browser, the title is displayed incorrectly.
I can only imagine what would happen if a project contained the following characters: "></html> :)