diff --git a/hphp/runtime/ext/wddx/ext_wddx.cpp b/hphp/runtime/ext/wddx/ext_wddx.cpp
index be49b776f187e..9d249de0d7be1 100644
--- a/hphp/runtime/ext/wddx/ext_wddx.cpp
+++ b/hphp/runtime/ext/wddx/ext_wddx.cpp
@@ -126,9 +126,13 @@ bool WddxPacket::recursiveAddVar(const String& varName,
 
   std::string varType = getDataTypeString(varVariant.getType()).data();
   if (!getWddxEncoded(varType, "", varName, false).empty()) {
-    std::string varValue = varVariant.toString().data();
+    std::string varValue;
     if (varType.compare("boolean") == 0) {
       varValue = varVariant.toBoolean() ? "true" : "false";
+    } else {
+      varValue = StringUtil::HtmlEncode(varVariant.toString(),
+                                        StringUtil::QuoteStyle::Double,
+                                        "UTF-8", false, false).toCppString();
     }
     m_packetString += getWddxEncoded(varType, varValue, varName, hasVarTag);
     return true;
diff --git a/hphp/test/slow/ext_wddx/htmlent.php b/hphp/test/slow/ext_wddx/htmlent.php
new file mode 100644
index 0000000000000..c87d13db3dfa9
--- /dev/null
+++ b/hphp/test/slow/ext_wddx/htmlent.php
@@ -0,0 +1,5 @@
+<?php
+$s = wddx_serialize_value("Test for &");
+var_dump($s);
+$d = wddx_deserialize($s);
+var_dump($d);
diff --git a/hphp/test/slow/ext_wddx/htmlent.php.expect b/hphp/test/slow/ext_wddx/htmlent.php.expect
new file mode 100644
index 0000000000000..82c95fdf28791
--- /dev/null
+++ b/hphp/test/slow/ext_wddx/htmlent.php.expect
@@ -0,0 +1,2 @@
+string(92) "<wddxPacket version='1.0'><header/><data><string>Test for &amp;</string></data></wddxPacket>"
+string(10) "Test for &"