We found that is not possible to assign a location with an apostrophe to a user in Advance administration → User Management.
After analyses I found out that the problem is here:
When the HTML code is being generated, the variable locationName is being surrounded by ' . Meaning that, when the HTML is being interpreted, if the locationName as a ' it will be considered the end of the text.
A possible solution is to replace the ' in the code by a ".
I think that this would cause the same problem if someone used “ in a name. Is not the proper way to ensure the locationName is appropriately escaped for HTML? '.
But also all html characters such as < > & etc should also be escaped.