diff --git a/.rubocop.yml b/.rubocop.yml
index 545422c6d..7c151d364 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -259,6 +259,7 @@ Rails/OutputSafety:
   Severity: warning
   Exclude:
     - app/helpers/text_with_links_helper.rb
+    - config/initializers/escape_javascript_fix.rb
 
 Rails/PluralizationGrammar:
   Enabled: true
diff --git a/config/initializers/escape_javascript_fix.rb b/config/initializers/escape_javascript_fix.rb
new file mode 100644
index 000000000..0f693fdf6
--- /dev/null
+++ b/config/initializers/escape_javascript_fix.rb
@@ -0,0 +1,25 @@
+# Code taken from https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv
+# Remove this code after upgrading to Rails 5.2
+ActionView::Helpers::JavaScriptHelper::JS_ESCAPE_MAP.merge!(
+  {
+    "`" => "\\`",
+    "$" => "\\$"
+  }
+)
+
+module ActionView::Helpers::JavaScriptHelper
+  alias :old_ej :escape_javascript
+  alias :old_j :j
+
+  def escape_javascript(javascript)
+    javascript = javascript.to_s
+    if javascript.empty?
+      result = ""
+    else
+      result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u, JS_ESCAPE_MAP)
+    end
+    javascript.html_safe? ? result.html_safe : result
+  end
+
+  alias :j :escape_javascript
+end
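Review bot: The removal condition in the second comment of escape_javascript_fix.rb, "after upgrading to Rails 5.2", is too loose for a security shim: the linked advisory, if I recall it correctly, lists the patched releases as 5.2.4.2 and 6.0.2.2, so a 5.2.x below that would still render backticks and `$` unescaped into template literals once this file is deleted; make it `# Remove only once on a Rails release that ships the fix for GHSA-65cv-r6x7-79hv (5.2.4.2 / 6.0.2.2 per the advisory; verify before deleting)`. The `alias :old_ej :escape_javascript` / `alias :old_j :j` lines keep the unpatched escaper callable from every view under a new name, and the replacement method never uses them, so drop both aliases (or mark them private with a comment explaining they exist only for rollback). The commit adds no test pinning the new behaviour, which is what would catch the shim being removed too early or silently overridden by a later gem; a one-liner such as `assert_equal "\\`\\$", ActionView::Helpers::JavaScriptHelper.instance_method(:escape_javascript).bind(view).call("`$")` (or simply `assert_equal "\\`\\$", view.j("`$")` in a helper test) would do.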