diff --git a/simplejson/encoder.py b/simplejson/encoder.py
index 903176097e7968b04c56aec5dc686a53715dae06_c2ltcGxlanNvbi9lbmNvZGVyLnB5..e205a697dcf757c138188eeeb516c90772b4d89a_c2ltcGxlanNvbi9lbmNvZGVyLnB5 100644
--- a/simplejson/encoder.py
+++ b/simplejson/encoder.py
@@ -6,5 +6,5 @@
 # this should match any kind of infinity
 INFCHARS = re.compile(r'[infINF]')
 ESCAPE = re.compile(r'[\x00-\x19\\"\b\f\n\r\t]')
-ESCAPE_ASCII = re.compile(r'([\\"]|[^\ -~])')
+ESCAPE_ASCII = re.compile(r'([\\"/]|[^\ -~])')
 ESCAPE_DCT = {
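Review bot: Only `ESCAPE_ASCII` gains `/` in this hunk; the `ESCAPE` pattern on the context line above it is unchanged. If `ESCAPE` backs the `ensure_ascii=False` path, as its name suggests, a string containing `</script>` would still be emitted verbatim on that path and the new `ESCAPE_DCT` entry would never be consulted. Adding the slash there too keeps both paths consistent: `ESCAPE = re.compile(r'[\x00-\x19\\"/\b\f\n\r\t]')`. If the package also ships a compiled encoder, its escape routine would presumably need the same change, which this diff does not show. The new test in simplejson/tests/test_attacks.py calls `dumps` with defaults only, so it would not catch the gap; a case such as `assert '</script>' not in simplejson.dumps('</script>', ensure_ascii=False)` would.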
@@ -10,4 +10,6 @@
 ESCAPE_DCT = {
+    # escape all forward slashes to prevent </script> attack
+    '/': '\\/',
     '\\': '\\\\',
     '"': '\\"',
     '\b': '\\b',
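Review bot: The new comment names the attack but not the context it applies to, so a reader may assume the output is now safe to place anywhere in HTML. Escaping `/` only stops the literal `</script>` from appearing when the JSON is inlined in a `<script>` element. It does nothing for attribute values or other HTML contexts, which still need their own escaping. I would word it as `# escape '/' so '</script>' never appears verbatim when the output is inlined in an HTML <script> block; other HTML contexts still need their own escaping`. The `ESCAPE_DCT` literal continues past the end of this hunk.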
diff --git a/simplejson/tests/test_attacks.py b/simplejson/tests/test_attacks.py
new file mode 100644
index 0000000000000000000000000000000000000000..e205a697dcf757c138188eeeb516c90772b4d89a_c2ltcGxlanNvbi90ZXN0cy90ZXN0X2F0dGFja3MucHk=
--- /dev/null
+++ b/simplejson/tests/test_attacks.py
@@ -0,0 +1,6 @@
+def test_script_close_attack():
+    import simplejson
+    res = simplejson.dumps('</script>')
+    assert '</script>' not in res
+    res = simplejson.dumps(simplejson.loads('"</script>"'))
+    assert '</script>' not in res
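Review bot: Both assertions only check that the literal `</script>` is absent from the output, which would also pass if the encoder dropped or mangled the slash. Adding a round-trip check after each `dumps` call, `assert simplejson.loads(res) == '</script>'`, pins that the escaped form still decodes to the original string. As a style point, `import simplejson` would normally sit at module level rather than inside the test function.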