3 Replies Latest reply on Sep 25, 2008 9:30 AM by esmith1

    Configure dashboard javascript error w single quote in portl

    esmith1

      We noticed a JavaScript error in the configure dashboard option when the list of portlets includes the "Who's online portlet". Under IE6 with script debugging enabled this shows up during page load; under FF it shows up later when you hover over that portlet.

      I tracked it down to jboss-portal.sar\portal-core.war\WEB-INF\jsp\content\portlet_editor.jsp.

      The existing code uses the portlet displayName to construct a DIV.

      <div class="darktip" id="info-container-<%= displayName %>">
      becomes
       <div class="darktip" id="info-container-Who's online portlet">

      It then refers to that div in JavaScript a few lines later in a getElementById call, but if the div name has a single quote in it then it does not get escaped, and so the JavaScript string is terminated.
      <span onmouseover="domTT_activate(this, event, 'content', document.getElementById('info-container-<%= displayName %>'),'delay', 0 ...
      becomes
      <span onmouseover="domTT_activate(this, event, 'content', document.getElementById('info-container-Who's online portlet'),'delay', 0 ...


      I think the problem with this approach of naming the DIV is that the HTML standard only allows ID values to use alphanumeric, hyphen, colon, underscore, period. http://www.w3.org/TR/html401/types.html#type-name. I do not know what portlet display names allow, but clearly they allow problematic chars.

      Here is a fix that is not perfect (because it does not account for duplicates) but is an improvement.
      1) within the same for loop, above the <div line, define a variable and use the ID, not the displayName.
      String sDivName = "info-container-" + instance.getId().replace(' ','.');

      2) change the <div tag
      <div class="darktip" id="<%=sDivName%>">

      3) change the <span tag
      <span onmouseover="domTT_activate(this, event, 'content', document.getElementById('<%=sDivName%>'),'delay', 0, ...


      I don't know enough about JIRA to know if I am supposed to enter this there, or wait for someone to tell me to, or if someone else will do it.
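
The gap the post mentions (duplicate names) together with the HTML 4.01 ID character set it cites can be handled by one server-side helper. This is an added example, not part of the original post and not JBoss Portal code: the class and method names are hypothetical and the portlet names are constructed samples. The resulting value contains only ID-safe characters, so it can be written into both the `id` attribute and the single-quoted `getElementById` argument without further escaping.

```java
import java.util.HashSet;
import java.util.Set;

// Added example, not JBoss Portal code. Class and method names are hypothetical.
public class SafeDivIds {
    // IDs already handed out for the page being rendered.
    private final Set<String> issued = new HashSet<>();

    // Keeps ASCII letters, digits, '-', '.' and ':'; replaces every other
    // character (including '_' itself, so two different inputs never map to
    // the same output) with "_" plus its four-digit hex UTF-16 code unit.
    // Assumes the prefix starts with a letter and is already a valid ID token.
    static String sanitize(String prefix, String raw) {
        StringBuilder sb = new StringBuilder(prefix);
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            boolean keep = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || c == '-' || c == '.' || c == ':';
            if (keep) {
                sb.append(c);
            } else {
                sb.append(String.format("_%04x", (int) c));
            }
        }
        return sb.toString();
    }

    // Returns the sanitized ID, adding "-2", "-3", ... until it is unused.
    String uniqueId(String prefix, String raw) {
        String base = sanitize(prefix, raw);
        String id = base;
        for (int n = 2; !issued.add(id); n++) {
            id = base + "-" + n;
        }
        return id;
    }

    public static void main(String[] args) {
        // Constructed sample names; the second repeats the first on purpose.
        String[] names = {"Who's online portlet", "Who's online portlet", "Weather"};
        SafeDivIds ids = new SafeDivIds();
        for (String name : names) {
            // Compute once per portlet and reuse for both the div and the lookup.
            String divId = ids.uniqueId("info-container-", name);
            System.out.println("<div class=\"darktip\" id=\"" + divId + "\">");
            System.out.println("  document.getElementById('" + divId + "')");
        }
    }
}
```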