如何在XML属性中编码JavaScript文本？

I have a piece of JavaScript string, coming from an untrusted source, embedded inside of an onclick tag and I'm not sure what the correct way of encoding this string is. Here is a simplification of the HTML:I have a piece of JavaScript string, coming fro