String.prototype.escape_html = function() {
  return this.replace(/\&/, "&amp;").replace(/\</, "&lt;").replace(/\>/, "&gt;");
}

String.prototype.merge = function(values) {
  var merged = this;
  for (var key in values)
    merged = merged.replace(new RegExp("\{" + key + "\}", "gi"), values[key]);
  return merged;
}

String.prototype.html_merge = function(values) {
  var merged = this;
  // don't escape double delimited keys (bit of a kludge to allow keys with html in them)
  for (var key in values)
    merged = merged.replace(new RegExp("\{\{" + key + "\}\}", "gi"), values[key].toString());
  for (var key in values)
    merged = merged.replace(new RegExp("\{" + key + "\}", "gi"), values[key].toString().escape_html());
  return merged;
}