Escape/sanitize query

I have a query which is built from url parameters.

If I send in double quotes the query ends up being:

field LIKE """"

And you end up with:

500 Internal Server Error
line 1, column 91: AND, OR or EOF expected, encountered. (com.enonic.xp.resource.ResourceProblemException)

Is there an escape/sanitize query function, or perhaps I should just use some native JS function?


One quick and dirty solution could be to have a regexp with a list of allowed characters, and replace all other characters with a space?

// Anything that is not whitespace, a word character, parentheses, '?' or '!'
// (so quotes in particular) gets replaced by a space before it reaches the query.
var whitelistRegEx = /[^\s\w()?!]+/g;
exports.whitelist = function(data) {
    return data.replace(whitelistRegEx, ' ');
};

(the code suggestion above was provided by @rfo )
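The underlying problem is that a raw URL parameter is concatenated into the query text, so a single `"` closes the string literal and the parser sees `field LIKE """"`. The following is an added example, not code from the thread or from Enonic: it keeps @rfo's whitelist as the primary fix, adds an escaping variant, and wraps both in a builder that refuses field names not on a fixed list. The `buildLikeQuery` helper and the `ALLOWED_FIELDS` list are invented for illustration, and the escaping variant assumes the query parser honours backslash-escaped quotes inside a double-quoted string, which you must verify against the parser you actually run before relying on it.

```javascript
// Added example (not from the original post). Two ways to stop URL input from
// breaking the query string `field LIKE "..."` once it is concatenated in.

// 1. Character whitelist, as in @rfo's suggestion. Every run of characters
//    outside the allowed set collapses to one space, so a quote can never
//    reach the parser. Note that '*' is stripped too: if you want LIKE
//    wildcards, add them in code, not from the URL.
var whitelistRegEx = /[^\s\w()?!]+/g;
function whitelist(data) {
  return String(data).replace(whitelistRegEx, ' ');
}

// 2. Escaping instead of stripping, for when the input must survive intact.
//    ASSUMPTION: the query parser accepts \" and \\ inside a double-quoted
//    string. Verify that on your version before using this in production.
function escapeQuoted(data) {
  return String(data).replace(/[\\"]/g, function (c) { return '\\' + c; });
}

// The field name must never come from the request either; pick it from a
// fixed list. (Hypothetical field names, constructed for this example.)
var ALLOWED_FIELDS = ['displayName', 'data.title'];

// Build `<field> LIKE "<value>"` with the chosen sanitiser. Throws on an
// unknown field so a bad request fails in our code, not in the query parser.
function buildLikeQuery(field, rawValue, useEscape) {
  if (ALLOWED_FIELDS.indexOf(field) === -1) {
    throw new Error('unknown field: ' + field);
  }
  var value = useEscape ? escapeQuoted(rawValue) : whitelist(rawValue);
  return field + ' LIKE "' + value + '"';
}

// Constructed sample inputs, including the one from the question (a lone ").
var samples = ['"', 'foo"bar', 'a"\'b', 'plain text?'];
samples.forEach(function (s) {
  console.log(JSON.stringify(s), '->',
    buildLikeQuery('displayName', s, false), '|',
    buildLikeQuery('displayName', s, true));
});
```

With the whitelist, the problematic `"` from the question becomes `displayName LIKE " "`, which parses but matches nothing useful; that is the trade-off of stripping versus escaping. Whichever you choose, keep the sanitiser next to the place where the string is concatenated, so a future caller cannot bypass it.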