diff --git a/wp-includes/class-wp-customize-setting.php b/wp-includes/class-wp-customize-setting.php
index 1e304d9ab4..f6088c9f4c 100644
--- a/wp-includes/class-wp-customize-setting.php
+++ b/wp-includes/class-wp-customize-setting.php
@@ -230,6 +230,22 @@ class WP_Customize_Setting {
 		return $this->multidimensional_get( $values, $this->id_data[ 'keys' ], $this->default );
 	}
 
+	/**
+	 * Escape the parameter's value for use in JavaScript.
+	 *
+	 * @since 3.4.0
+	 *
+	 * @return mixed The requested escaped value.
+	 */
+	public function js_value() {
+		$value = $this->value();
+
+		if ( is_string( $value ) )
+			return html_entity_decode( $value, ENT_QUOTES, 'UTF-8');
+
+		return $value;
+	}
+
 	/**
 	 * Check if the theme supports the setting and check user capabilities.
 	 *
diff --git a/wp-includes/class-wp-customize.php b/wp-includes/class-wp-customize.php
index 9eb280ff36..ba6dfed894 100644
--- a/wp-includes/class-wp-customize.php
+++ b/wp-includes/class-wp-customize.php
@@ -213,7 +213,7 @@ final class WP_Customize {
 		);
 
 		foreach ( $this->settings as $id => $setting ) {
-			$settings['values'][ $id ] = $setting->value();
+			$settings['values'][ $id ] = $setting->js_value();
 		}
 
 		?>
diff --git a/wp-includes/customize-controls.php b/wp-includes/customize-controls.php
index 0fd9b030db..31a3cf35c7 100644
--- a/wp-includes/customize-controls.php
+++ b/wp-includes/customize-controls.php
@@ -108,7 +108,7 @@ do_action( 'customize_controls_print_scripts' );
 
 	foreach ( $this->settings as $id => $setting ) {
 		$settings['settings'][ $id ] = array(
-			'value'     => $setting->value(),
+			'value'     => $setting->js_value(),
 			'transport' => $setting->transport,
 		);
 	}