diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index e1727f3bd..202ea2896 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -1,5 +1,6 @@
 7.10.0
- - fixed #11812: Checking www_ajaxSave's response in the cart js
+ - fixed #11812: Checking www_ajaxSave's response in the cart js, urlencoding
+ post parameters
 7.9.13
 - fixed #11783: Instances deleted during realtime run
diff --git a/www/extras/shop/cart.js b/www/extras/shop/cart.js
index e92f2e188..e2abf550b 100644
--- a/www/extras/shop/cart.js
+++ b/www/extras/shop/cart.js
@@ -305,6 +305,11 @@
 return;
 }
+ if (!id.match(/^[A-Za-z0-9_-]{22}$/)) {
+ alert('Error: bad response trying to save address.');
+ return;
+ }
+
 function updateOne(dropdown) {
 var opt = _.detect(dropdown.options, function (o) {
 return o.text === label;
@@ -406,7 +411,7 @@
 var url = this.baseUrl,
 cb = { success: success },
 query = _(params).map(function (v, k) {
- return [k, v].join('=');
+ return [k, escape(v)].join('=');
 }).join('&');
 if (method === 'GET') {
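Review bot: In the new `id.match(...)` guard, an absent or non-string `id` (a response with no id at all) throws a TypeError before the check runs, so the user gets no alert and the handler dies silently; test the pattern against the value instead, `if (typeof id !== 'string' || !/^[A-Za-z0-9_-]{22}$/.test(id)) {`. Treating the response as data to validate rather than trusting it is the right direction; a one-line comment above the guard saying what the 22-character class is expected to match (it looks like a fixed-width id, but that is inferred from the pattern) would tell the next reader why exactly this shape is required. The enclosing function, which presumably derives `id` from the www_ajaxSave response, starts outside the hunk.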
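Review bot: `escape(v)` in the changed `return` line is not URL encoding: it leaves `+`, `@`, `/` and `*` untouched and emits `%uXXXX` for characters above U+00FF, so a `+` in a value is decoded as a space by the server and non-Latin-1 text does not round-trip at all; use `encodeURIComponent` on both the key and the value, `return [encodeURIComponent(k), encodeURIComponent(v)].join('=');`. The changelog entry describes this as urlencoding post parameters, which it only becomes with that function. `escape` is also a deprecated Annex B feature that non-browser JavaScript hosts need not provide. A `null` or `undefined` value would be sent as the literal string `undefined`/`null`; that follows from the unchanged `_(params).map` call and is worth confirming against the callers. The enclosing function continues outside the hunk on both sides.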