The JSENCODE function encodes text strings and merge field values for use in JavaScript by inserting escape characters, such as a backslash (\), before unsafe JavaScript characters, such as the apostrophe (').
{!JSENCODE(text)} and replace text with the merge field or text string that contains the unsafe JavaScript characters.
{!JSENCODE(text)} and replace text with the merge field or text string that contains the unsafe JavaScript characters.
doc:
http://www.salesforce.com/us/developer/docs/apexcode/Content/pages_security_tips_scontrols.htm