diff --git a/.hgtags b/.hgtags
index fc91973645..6857859e61 100644
--- a/.hgtags
+++ b/.hgtags
@@ -26,5 +26,6 @@ ff3bb24ea0c915878396a6ae27f1ff164e8ac150 Release-6.0.0-beta
 56015ac26f5ab60e3c61b1d09075297b660afa07 Release-6.0.0-RC
 1719fbd857f28b376639ac2aa0abada0ef2e7560 Release-6.0.0
 e02f5aebb87e3f07d27376647756caa9762931d8 Release-4.11.4
+14338b0ab1738fbd8987677ecdb9a73d79fc229d release-4.11.6
 b247b35d821144849f551e02da8ba719f91d5fb0 Release-6.0.2
 aed55cba29009ad3db48880a7cfb66407ce9805f release-6.0.3
diff --git a/src/Umbraco.Web.UI/umbraco_client/Application/HistoryManager.js b/src/Umbraco.Web.UI/umbraco_client/Application/HistoryManager.js
index b258c61e8e..b1f44a8f46 100644
--- a/src/Umbraco.Web.UI/umbraco_client/Application/HistoryManager.js
+++ b/src/Umbraco.Web.UI/umbraco_client/Application/HistoryManager.js
@@ -1,6 +1,6 @@
 /// <reference path="/umbraco_client/Application/NamespaceManager.js" />
 /// <reference name="MicrosoftAjax.js"/>
-/// <reference path="/umbraco_client/Application/Query/jquery.ba-bbq.min.js" />
+/// <reference path="/umbraco_client/Application/JQuery/jquery.ba-bbq.min.js" />
 
 Umbraco.Sys.registerNamespace("Umbraco.Controls");
 
@@ -8,18 +8,28 @@ Umbraco.Sys.registerNamespace("Umbraco.Controls");
 
     Umbraco.Controls.HistoryManager = function() {
         /// <summary>This is a wrapper for the bbq plugin history manager, but we could do alot with history mgmt in the future!</summary>
+
+        var hashFragmentRegex = new RegExp(/^\w+/);
+        function getHashFragment(frag) {
+            //tests for xss and ensures only the first alphanumeric chars are matched
+            var result = hashFragmentRegex.exec(frag);
+            if (result.length > 0) {
+                return result[0];
+            }
+            return "";
+        }
         var obj = {
 
             onNavigate: function(e) {
-                
-                var l = $.param.fragment();
-                if (l != "") {
-                    jQuery(window.top).trigger("navigating", [$.param.fragment()]); //raise event!
+                var fragment = getHashFragment($.param.fragment());
+                if (fragment != "") {
+                    jQuery(window.top).trigger("navigating", [fragment]); //raise event!   
                 }
                 
             },
             addHistory: function(name, forceRefresh) {
-                if ($.param.fragment() == name && forceRefresh) {
+                var fragment = getHashFragment($.param.fragment());
+                if (fragment == name && forceRefresh) {
                     this.onNavigate();
                 }
                 else {
@@ -27,8 +37,8 @@ Umbraco.Sys.registerNamespace("Umbraco.Controls");
                 }
 
             },
-            getCurrent: function() {
-                return ($.param.fragment().length > 0) ? $.param.fragment() : "";
+            getCurrent: function () {                
+                return getHashFragment($.param.fragment());
             },
 
             addEventHandler: function(fnName, fn) {