Everything seems escaped. How about backslashes? If not then you might have found a "Context Break" gadget.
Say you've got the following scenario:
X = "your input";
Y = "your input";
Try adding a backslash to the end of your input to un-terminate the string. If the backslash isn't escaped then you could break the context like this:
X = "your input\"; Y ="+alert(1)//";
BANG. JS execution.
We discuss this gadget and more in this episode: ctbb.show/59
