The buildURL function doesn't add the form_id parameter that protects backend forms and links from hijacking.
When is your function called? Is there a link or a form on the page that you want to follow/submit?
If so, you can get the URL via jQuery, something like this:
var url = jQuery('form#my_form').attr('action');
var url = jQuery('a#my_link').attr('href');