PerlMonks  

Re^3: Escaping double quotes in complete document

by haukex (Archbishop)
on Jun 27, 2017 at 07:50 UTC ( [id://1193663]=note )


in reply to Re^2: Escaping double quotes in complete document
in thread Escaping double quotes in complete document

please don't facepalm on me over this

No, I understand, but this is a very old style of generating HTML - probably my very first attempts at CGI scripts from over 20 years ago looked like this :-) But also, the issues with double quotes would have existed the entire time, even without the Perl upgrade. Also, I agree with huck that it's possible that maybe something has changed in the way the data gets handed to your script.

my boss is going to kill me

Well, if he needs further convincing, then tell him that HTML generation code like this exposes your customers to a Cross-site scripting (XSS) attack (longer explanation).

I get that I have to manually escape every HTML entity by hand, right?

I'm sorry to say yes. The minimal change needed to the code you showed is the following (encode_entities), keeping in mind that it encodes $SOAPResult once and then the value stays that way, so if you need the value for something else later you should modify a copy instead, like e.g. encode_entities(my $copy=$SOAPResult);

```perl
use HTML::Entities qw/encode_entities/;
my $SOAPResult = q{ "Hello" <world> &amp; };
# Called in void context, so $SOAPResult itself is modified in place.
encode_entities($SOAPResult);
print <<"EndOfText";
<input type="text" name="mytext" id="mytext" value="$SOAPResult"/>
EndOfText
__END__
<input type="text" name="mytext" id="mytext" value=" &quot;Hello&quot; &lt;world&gt; &amp;amp; "/>
```
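An added example, not part of haukex's post: escaping at output time through a helper that returns an encoded copy, so the raw value stays usable and is never encoded twice. The helper names `esc` and `input_tag` are hypothetical, and the field values are constructed sample data standing in for the SOAP results.

```perl
use strict;
use warnings;
use HTML::Entities qw/encode_entities/;

# Constructed sample data (assumption: stands in for values from the SOAP call).
my %field = (
    mytext  => q{ "Hello" <world> &amp; },
    comment => q{Tom & Jerry's "show"},
);

# Hypothetical helper: return an encoded copy and leave the caller's value alone.
# encode_entities only modifies its argument when called in void context;
# scalar() forces a non-void call, and $raw is already a private copy.
sub esc {
    my ($raw) = @_;
    return scalar encode_entities( $raw // '' );
}

# Hypothetical helper: build the input element, escaping every interpolated value.
sub input_tag {
    my ( $name, $raw ) = @_;
    my ( $n, $v ) = ( esc($name), esc($raw) );
    return qq{<input type="text" name="$n" id="$n" value="$v"/>};
}

for my $name ( sort keys %field ) {
    my $tag = input_tag( $name, $field{$name} );
    print "$tag\n";

    # Sanity check: the value attribute must run to the end of the tag
    # without a raw double quote or angle bracket inside it.
    my ($value) = $tag =~ m{ value="([^"]*)"/>\z};
    die "unescaped character in field '$name'\n"
        if !defined $value || $value =~ /[<>]/;
}

# The raw data was not touched, so it can still be used for non-HTML purposes.
print "raw:   $field{mytext}\n";

# Encoding an already encoded value changes it again, which is why the
# escaping belongs at the point of output and nowhere earlier.
my $once  = esc( $field{mytext} );
my $twice = esc($once);
print "once:  $once\n";
print "twice: $twice\n";
die "double encoding not detected\n" if $once eq $twice;
```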
