How to prevent XSS attack on selected window.location in javascript


This is my code where i have a userId in a method SwitchUser_Click. I need to prevent or somehow encode the return value from the switchUser_Click as it includes the UserId of a user vulnerable to XSS attack or redirects.

function SwitchUser_Click(containerElement, OnSuccess) {             var selecteduserId = $  ("select", containerElement).val();             var makeDefault = $  (":checkbox", containerElement).is(":checked");             window.location = "Default.aspx?uId=" + selecteduserId + "&userActive=" + (makeDefault ? "1" : "0");             OnSuccess();         } 

The belows code is called from aspx page by using Client.RegisterScript and passing the parameters. This is the only place SwitchUser_Click method is used.

function OpenSwitchUser(UserId,modCode,defUrl) {             defaultUrl = defUrl;             var options =             {                 controlUrl: "~/Controls/SwitchUserDialog.ascx",                 params: { uid:UserId, mod: modCode},                 top: 70,                 width: 600,                 height: 2500,                 OKCallback: SwitchUser_Click,                 InitCallback: SwitchUserDialog_Init,                 cancelCallback: SwitchUser_Close             };             $  .showControlDialog(options);         } 

I want to know how to encode my userId in the SwitchUser_Click method and decode it when its called. Or maybe there is some other way to do this . Thank you