From 6a809664f8b1fbfdc7f3616bef3c54f0b019dd8c Mon Sep 17 00:00:00 2001
From: Doug Mayer <dougtmayer@gmail.com>
Date: Fri, 22 Jul 2011 15:30:58 -0500
Subject: [PATCH] Use character references for escaped attributes.

When attribute values contain both an apostrophe and a double quote,
we should substitute the character being used to wrap the value with
its key code instead of named/keyword entities (for IE support).

Fixes #418.

Signed-off-by: Norman Clarke <norman@njclarke.com>
---
 CHANGELOG.md         | 7 +++++++
 lib/haml/compiler.rb | 4 ++--
 test/engine_test.rb  | 4 ++--
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bcbb587e..05bb64ff 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -40,6 +40,11 @@
 * Fix for inner whitespace removal in loops.
   (thanks [Richard Michael](https://github.com/richardkmichael))
 
+* Use numeric character references rather than HTML entities when escaping
+  double quotes and apostrophes in attributes. This works around some bugs in
+  Internet Explorer earlier than version 9.
+  (thanks [Doug Mayer](https://github.com/doxavore))
+
 ## 3.1.5 (Unreleased)
 
 * Respect Rails' `html_safe` flag when escaping attribute values
@@ -68,6 +73,8 @@
 
 * Fix an issue where destructive modification was sometimes performed on Rails SafeBuffers.
 
+* Use character code entities for attribute value replacements instead of named/keyword entities.
+
 ## 3.1.1
 
 * Update the vendored Sass to version 3.1.0.
diff --git a/lib/haml/compiler.rb b/lib/haml/compiler.rb
index fbf5a365..3c11e37d 100755
--- a/lib/haml/compiler.rb
+++ b/lib/haml/compiler.rb
@@ -358,7 +358,7 @@ END
 
     # This is a class method so it can be accessed from Buffer.
     def self.build_attributes(is_html, attr_wrapper, escape_attrs, hyphenate_data_attrs, attributes = {})
-      quote_escape = attr_wrapper == '"' ? "&quot;" : "&apos;"
+      quote_escape = attr_wrapper == '"' ? "&#x0022;" : "&#x0027;"
       other_quote_char = attr_wrapper == '"' ? "'" : '"'
 
       if attributes['data'].is_a?(Hash)
@@ -391,7 +391,7 @@ END
         value = Haml::Helpers.preserve(escaped)
         if escape_attrs
           # We want to decide whether or not to escape quotes
-          value = value.gsub('&quot;', '"')
+          value = value.gsub('&quot;', '"').gsub('&#x0022;', '"')
           this_attr_wrapper = attr_wrapper
           if value.include? attr_wrapper
             if value.include? other_quote_char
diff --git a/test/engine_test.rb b/test/engine_test.rb
index ec7ccdde..51739cec 100644
--- a/test/engine_test.rb
+++ b/test/engine_test.rb
@@ -1127,7 +1127,7 @@ HAML
     assert_equal("<p strange=*attrs*></p>\n", render("%p{ :strange => 'attrs'}", :attr_wrapper => '*'))
     assert_equal("<p escaped='quo\"te'></p>\n", render("%p{ :escaped => 'quo\"te'}", :attr_wrapper => '"'))
     assert_equal("<p escaped=\"quo'te\"></p>\n", render("%p{ :escaped => 'quo\\'te'}", :attr_wrapper => '"'))
-    assert_equal("<p escaped=\"q'uo&quot;te\"></p>\n", render("%p{ :escaped => 'q\\'uo\"te'}", :attr_wrapper => '"'))
+    assert_equal("<p escaped=\"q'uo&#x0022;te\"></p>\n", render("%p{ :escaped => 'q\\'uo\"te'}", :attr_wrapper => '"'))
     assert_equal("<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n", render("!!! XML", :attr_wrapper => '"'))
   end
 
@@ -1511,7 +1511,7 @@ HAML
       render("%div{:data => {:one_plus_one => 1+1}}",
         :hyphenate_data_attrs => false))
 
-    assert_equal("<div data-foo='Here&apos;s a \"quoteful\" string.'></div>\n",
+    assert_equal("<div data-foo='Here&#x0027;s a \"quoteful\" string.'></div>\n",
       render(%{%div{:data => {:foo => %{Here's a "quoteful" string.}}}},
         :hyphenate_data_attrs => false)) #'
   end