Improve HTML escaping.

This closes a couple of potential exploit scenarios.
Backtick (`) for older IEs and equals (=) for unquoted attributes.

Refs 83b8e846a3
Closes https://github.com/janl/mustache.js/pull/388

mustache.js

@@ -63,11 +63,13 @@
     '>': '>',
     '"': '"',
     "'": ''',
-    '/': '/'
+    '/': '/',
+    '`': '`',
+    '=': '='
   };
 
   function escapeHtml (string) {
-    return String(string).replace(/[&<>"'\/]/g, function fromEntityMap (s) {
+    return String(string).replace(/[&<>"'`=\/]/g, function fromEntityMap (s) {
       return entityMap[s];
     });
   }

test/_files/escaped.js

@@ -2,5 +2,5 @@
   title: function () {
     return "Bear > Shark";
   },
-  entities: "&quot; \"'<>/"
+  entities: "&quot; \"'<>`=/"
 })

test/_files/escaped.txt

@@ -1,2 +1,2 @@
 <h1>Bear &gt; Shark</h1>
-And even &amp;quot; &quot;&#39;&lt;&gt;&#x2F;, but not &quot; "'<>/.
+And even &amp;quot; &quot;&#39;&lt;&gt;&#x60;&#x3D;&#x2F;, but not &quot; "'<>`=/.