From 0cdc525961d3fa98e810ffae6bcc8e3838e36d93 Mon Sep 17 00:00:00 2001
From: Dmitry Baranovskiy <Dmitry@Baranovskiy.com>
Date: Wed, 2 Mar 2011 08:12:24 +1100
Subject: [PATCH] Fixed escapeHTML function to skip not only &***;, but also
 &#***; and &x***;

---
 backbone.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backbone.js b/backbone.js
index 98ba0ddc..47e85aeb 100644
--- a/backbone.js
+++ b/backbone.js
@@ -1079,7 +1079,7 @@
 
   // Helper function to escape a string for HTML rendering.
   var escapeHTML = function(string) {
-    return string.replace(/&(?!\w+;)/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+    return string.replace(/&(?!\w+;|#\d+;|#x[\da-f]+;)/gi, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
   };
 
 }).call(this);