Revert "Don't escape quotes when escaping HTML."

This reverts commit f3ac053f9c.

Turns out this is necessary for Rails compatibility.

lib/haml/helpers.rb

@@ -335,18 +335,18 @@ module Haml
     end
 
     # Characters that need to be escaped to HTML entities from user input
-    HTML_ESCAPE = {'&'=>'&amp;', '<'=>'&lt;', '>'=>'&gt;'}
+    HTML_ESCAPE = { '&'=>'&amp;', '<'=>'&lt;', '>'=>'&gt;', '"'=>'&quot;', "'"=>'&#039;', }
 
     # Returns a copy of <tt>text</tt> with ampersands, angle brackets and quotes
     # escaped into HTML entities.
     def html_escape(text)
-      text.to_s.gsub(/[><&]/) { |s| HTML_ESCAPE[s] }
+      text.to_s.gsub(/[\"><&]/) { |s| HTML_ESCAPE[s] }
     end
 
     # Escapes HTML entities in <tt>text</tt>, but without escaping an ampersand
     # that is already part of an escaped entity.
     def escape_once(text)
-      text.to_s.gsub(/[><]|&(?!([a-zA-Z]+|(#\d+));)/) { |s| HTML_ESCAPE[s] }
+      text.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |s| HTML_ESCAPE[s] }
     end
 
     # Returns whether or not the current template is a Haml template.

test/haml/engine_test.rb

@@ -236,8 +236,7 @@ END
 
   def test_attr_wrapper
     assert_equal("<p strange=*attrs*>\n</p>\n", render("%p{ :strange => 'attrs'}", :attr_wrapper => '*'))
-    assert_equal("<p escaped='quo\"te'>\n</p>\n", render("%p{ :escaped => 'quo\"te'}", :attr_wrapper => '"'))
-    assert_equal("<p escaped=\"quo'te\">\n</p>\n", render("%p{ :escaped => 'quo\\'te'}", :attr_wrapper => '"'))
+    assert_equal("<p escaped=\"quo&quot;te\">\n</p>\n", render("%p{ :escaped => 'quo\"te'}", :attr_wrapper => '"'))
     assert_equal("<p escaped=\"q'uo&quot;te\">\n</p>\n", render("%p{ :escaped => 'q\\'uo\"te'}", :attr_wrapper => '"'))
     assert_equal("<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n", render("!!! XML", :attr_wrapper => '"'))
   end