--- common.inc	2010-02-05 14:27:37.000000000 +0200
+++ common.inc	2010-02-10 11:02:05.000000000 +0200
@@ -2403,9 +2403,9 @@ function drupal_to_js($var) {
       return $var;
     case 'resource':
     case 'string':
-      return '"'. str_replace(array("\r", "\n", "<", ">", "&", "\'"),
-                              array('\r', '\n', '\u003c', '\u003e', '\u0026', "'"),
-                              addslashes($var)) .'"';
+      return '"'. str_replace(array("\\", "\'", "\"", '"', '/', "\b", "\f", "\n", "\r", "\t", "\x00", "\x01", "\x02", "\x03", "\x04", "\x05", "\x06", "\x07", "\x08", "\x0a", "\x0b", "\x0c", "\x0d", "\x0e", "\x0f", "\x10", "\x11", "\x12", "\x13", "\x14", "\x15", "\x16", "\x17", "\x18", "\x1a", "\x1b", "\x1c", "\x1d", "\x1e", "\x1f"),
+                              array('\\\\', "\\'", "\\\"", "\"", '\/', '\\b', '\f', '\n', '\r', '\t', '\u0000', '\u0001', '\u0002', '\u0003', '\u0004', '\u0005', '\u0006', '\u0007', '\b', '\u000e', '\u000b', '\u0010', '\u0011', '\u000e', '\u000f', '\u0010', '\u0011', '\u0012', '\u0013', '\u0014', '\u0015', '\u0016', '\u0017', '\u0018', '\u001a', '\u001b', '\u001c', '\u001d', '\u001e', '\u001f'),
+                              $var) .'"';
     case 'array':
       // Arrays in JSON can't be associative. If the array is empty or if it
       // has sequential whole number keys starting with 0, it's not associative