You can use autoEscape(0) to turn off escaping and autoEscape(1) to turn it back on - but it doesn't look like a very good idea IMHO - particularly as the escaping doesn't hurt you.

e.g.

autoEscape(0);
$result .= $cgi->button(
         -name=>'AddFlagNote',
         -value=>'Add Flag Note',
         -onclick=>"{return addNote('FlagNotesTable');}");
autoEscape(1);
[download]