Note to self: escape() in JavaScript is only suitable for latin-1 - a utf-8 string with special characters sends these as latin-1 characters over the line. Pretty stupid when you're tinkering with a form via Ajax and then sending a value to a function in the backend that actually expects utf-8. encodeURIComponent is the answer, not escape.