--- libxml2-2.9.0/entities.c	2012-08-15 00:29:24.000000000 +0200
+++ libxml2-2.9.0-patched-beforeauto/entities.c	2012-09-04 16:43:08.000000000 +0200
@@ -552,6 +552,26 @@
  */
 xmlChar *
 xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
+    return __xmlEncodeEntitiesReentrant(doc, input, 0);
+}
+
+/**
+ * __xmlEncodeEntitiesReentrant:
+ * @doc:  the document containing the string
+ * @input:  A string to convert to XML.
+ * @htmlAttr: Is this function called to build an html attribute?
+ *
+ * Do a global encoding of a string, replacing the predefined entities
+ * and non ASCII values with their entities and CharRef counterparts.
+ * Contrary to xmlEncodeEntities, this routine is reentrant, and result
+ * must be deallocated.
+ * The public version of this function is xmlEncodeEntitiesReentrant (entities).
+ *
+ * Returns A newly allocated string with the substitution done.
+ */
+xmlChar *
+__xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input,
+                             int htmlAttr) {
     const xmlChar *cur = input;
     xmlChar *buffer = NULL;
     xmlChar *out = NULL;
@@ -584,17 +604,22 @@
 	/*
 	 * By default one have to encode at least '<', '>', '"' and '&' !
 	 */
-	if (*cur == '<') {
+	if (*cur == '<' && !htmlAttr) {
 	    *out++ = '&';
 	    *out++ = 'l';
 	    *out++ = 't';
 	    *out++ = ';';
-	} else if (*cur == '>') {
+	} else if (*cur == '>' && !htmlAttr) {
 	    *out++ = '&';
 	    *out++ = 'g';
 	    *out++ = 't';
 	    *out++ = ';';
-	} else if (*cur == '&') {
+    /*
+     * The html output method should not escape a & character
+     * occurring in an attribute value immediately followed by
+     * a { character (see Section B.7.1 of the HTML 4.0 Recommendation).
+     */
+	} else if (*cur == '&' && (!htmlAttr || *(cur + 1) != '{')) {
 	    *out++ = '&';
 	    *out++ = 'a';
 	    *out++ = 'm';