--- common.inc 2009-10-30 13:25:59.000000000 +0200
+++ common.inc 2010-02-05 15:21:10.000000000 +0200
@@ -2403,8 +2403,8 @@ function drupal_to_js($var) {
 return $var;
 case 'resource':
 case 'string':
- return '"'. str_replace(array("\r", "\n", "<", ">", "&"),
- array('\r', '\n', '\x3c', '\x3e', '\x26'),
+ return '"'. str_replace(array("<", ">", "&", "\'", '"', '\\', '/', '\b', '\f', '\n', '\r', '\t'),
+ array('\u003C', '\u003E', '\u0026', "'", '\u0022', '\u005C', '\u002F', '\u0008', '\u000C', '\n000A', '\u000D', '\u0009'),
 addslashes($var)) .'"';
 case 'array':
 // Arrays in JSON can't be associative. If the array is empty or if it
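Review bot: The added replacement array contains `'\n000A'` where `'\u000A'` is meant, and the search entries `'\b'`, `'\f'`, `'\n'`, `'\r'`, `'\t'` are single-quoted, so PHP reads them as a literal backslash plus a letter rather than control characters; unlike the removed lines, a real CR or LF in `$var` now reaches the output unescaped. Because `str_replace()` applies array pairs in order, the `'\\'` => `'\u005C'` pair also rewrites the backslashes written by the earlier `\u003C`/`\u003E`/`\u0026` pairs and those added by `addslashes()`, so `<` decodes back to the text `\u003C` instead of `<`. The `"\'"` => `"'"` pair additionally leaves the apostrophe raw, which matters if the result is ever placed inside a single-quoted attribute or literal. I would drop `addslashes()`, escape the backslash first, and spell the control characters with double-quoted escapes, as below. The `switch` in `drupal_to_js()` starts and ends outside this hunk.

```php
case 'string':
  // Backslash goes first so the \uXXXX escapes written by later pairs are not re-escaped.
  return '"'. str_replace(
    array('\\', '"', "'", '/', "\0", "\x08", "\x0C", "\n", "\r", "\t", '<', '>', '&'),
    array('\u005C', '\u0022', '\u0027', '\u002F', '\u0000', '\u0008', '\u000C', '\u000A', '\u000D', '\u0009', '\u003C', '\u003E', '\u0026'),
    $var) .'"';
```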