From ba96d168ec08436d01a97871bb7d2fcaefe79186 Mon Sep 17 00:00:00 2001
From: Jeremy Ashkenas <jashkenas@gmail.com>
Date: Mon, 31 Oct 2011 12:31:02 -0400
Subject: [PATCH] Fixes Issue #350 -- Making _.escape dumber to allow
 double-escaping of HTML entities.

---
 test/utility.js | 5 +++++
 underscore.js   | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/test/utility.js b/test/utility.js
index 976b3b996..f1f0bfb56 100644
--- a/test/utility.js
+++ b/test/utility.js
@@ -41,6 +41,11 @@ $(document).ready(function() {
     equals(_('champ').myReverse(), 'pmahc', 'mixed in a function to the OOP wrapper');
   });
 
+  test("utility: _.escape", function() {
+    equals(_.escape("Curly & Moe"), "Curly &amp; Moe");
+    equals(_.escape("Curly &amp; Moe"), "Curly &amp;amp; Moe");
+  });
+
   test("utility: template", function() {
     var basicTemplate = _.template("<%= thing %> is gettin' on my noives!");
     var result = basicTemplate({thing : 'This'});
diff --git a/underscore.js b/underscore.js
index 88f8dd93e..3737ddc1b 100644
--- a/underscore.js
+++ b/underscore.js
@@ -849,7 +849,7 @@
 
   // Escape a string for HTML interpolation.
   _.escape = function(string) {
-    return (''+string).replace(/&(?!\w+;|#\d+;|#x[\da-f]+;)/gi, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#x27;').replace(/\//g,'&#x2F;');
+    return (''+string).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#x27;').replace(/\//g,'&#x2F;');
   };
 
   // Add your own custom functions to the Underscore object, ensuring that