diff --git a/lib/erb.rb b/lib/erb.rb
index bb47943..d29505d 100644
--- a/lib/erb.rb
+++ b/lib/erb.rb
@@ -909,7 +909,7 @@ class ERB
     #   is a &gt; 0 &amp; a &lt; 10?
     #
     def html_escape(s)
-      s.to_s.gsub(/&/, "&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;")
+      s.to_s.gsub(/&/, "&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;").gsub(/'/, "&#x27;").gsub(/\//, "&#x2F;")
     end
     alias h html_escape
     module_function :h
diff --git a/test/erb/test_erb.rb b/test/erb/test_erb.rb
index 05d2556..04d2e51 100644
--- a/test/erb/test_erb.rb
+++ b/test/erb/test_erb.rb
@@ -4,6 +4,19 @@ require 'erb'
 class TestERB < Test::Unit::TestCase
   class MyError < RuntimeError ; end
 
+  def test_html_escape
+    {
+      '&' => '&amp;',
+      '"' => '&quot;',
+      '>' => '&gt;',
+      '<' => '&lt;',
+      "'" => '&#x27;',
+      '/' => '&#x2F;'
+    }.each do |original, escaped|
+      assert_equal escaped, ERB::Util.h(original)
+    end
+  end
+
   def test_without_filename
     erb = ERB.new("<% raise ::TestERB::MyError %>")
     e = assert_raise(MyError) {