Index: library/Zend/Json/Encoder.php
===================================================================
--- library/Zend/Json/Encoder.php	(revision 19971)
+++ library/Zend/Json/Encoder.php	(working copy)
@@ -252,8 +252,8 @@
     {
         // Escape these characters with a backslash:
         // " \ / \n \r \t \b \f
-        $search  = array('\\', "\n", "\t", "\r", "\b", "\f", '"');
-        $replace = array('\\\\', '\\n', '\\t', '\\r', '\\b', '\\f', '\"');
+        $search  = array('\\', "\n", "\t", "\r", "\b", "\f", '"', '/');
+        $replace = array('\\\\', '\\n', '\\t', '\\r', '\\b', '\\f', '\"', '\\/');
         $string  = str_replace($search, $replace, $string);
 
         // Escape certain ASCII characters:
Index: tests/Zend/JsonTest.php
===================================================================
--- tests/Zend/JsonTest.php	(revision 19971)
+++ tests/Zend/JsonTest.php	(working copy)
@@ -720,6 +720,33 @@
     {
         $this->markTestIncomplete('Test is not yet finished.');
     }
+    
+    /**
+     * @group TBD
+     */
+    public function testNativeJsonEncoderWillProperlyEncodeHtmlEndTags()
+    {
+        $source = "</script><script>alert('XSS!!!')</script>";
+        $target = '"<\\/script><script>alert(\'XSS!!!\')<\\/script>"';
+        
+        // first test ext/json
+        Zend_Json::$useBuiltinEncoderDecoder = false;
+        $this->assertEquals($target, Zend_Json::encode($source));
+    }
+    
+    /**
+     * @group TBD
+     */
+    public function testBuiltinJsonEncoderWillProperlyEncodeHtmlEndTags()
+    {
+        $source = "</script><script>alert('XSS!!!')</script>";
+        $target = '"<\\/script><script>alert(\'XSS!!!\')<\\/script>"';
+        
+        // first test ext/json
+        Zend_Json::$useBuiltinEncoderDecoder = true;
+        $this->assertEquals($target, Zend_Json::encode($source));
+    }
+    
 }
 
 /**