diff --git a/src/pkg/encoding/json/encode.go b/src/pkg/encoding/json/encode.go
index 5e8020502f..a112707269 100644
--- a/src/pkg/encoding/json/encode.go
+++ b/src/pkg/encoding/json/encode.go
@@ -734,7 +734,7 @@ func (e *encodeState) string(s string) (int, error) {
start := 0
for i := 0; i < len(s); {
if b := s[i]; b < utf8.RuneSelf {
- if 0x20 <= b && b != '\\' && b != '"' && b != '<' && b != '>' {
+ if 0x20 <= b && b != '\\' && b != '"' && b != '<' && b != '>' && b != '&' {
i++
continue
}
diff --git a/src/pkg/html/template/content_test.go b/src/pkg/html/template/content_test.go
index 5e130faacb..5f3ffe2d32 100644
--- a/src/pkg/html/template/content_test.go
+++ b/src/pkg/html/template/content_test.go
@@ -123,29 +123,29 @@ func TestTypedContent(t *testing.T) {
{
``,
[]string{
- `"\u003cb\u003e \"foo%\" O'Reilly &bar;"`,
+ `"\u003cb\u003e \"foo%\" O'Reilly \u0026bar;"`,
`"a[href =~ \"//example.com\"]#foo"`,
- `"Hello, \u003cb\u003eWorld\u003c/b\u003e &tc!"`,
+ `"Hello, \u003cb\u003eWorld\u003c/b\u003e \u0026amp;tc!"`,
`" dir=\"ltr\""`,
// Not escaped.
`c && alert("Hello, World!");`,
// Escape sequence not over-escaped.
`"Hello, World & O'Reilly\x21"`,
- `"greeting=H%69&addressee=(World)"`,
+ `"greeting=H%69\u0026addressee=(World)"`,
},
},
{
`