Fix entity encoding of attribute values

This ensures that single and double quotes are also encoded, previously
they would be left as is.

Fixes #113

lib/oga/xml/attribute.rb

@@ -101,7 +101,11 @@ module Oga
           full_name = name
         end
 
-        enc_value = value ? Entities.encode(value) : nil
+        if value
+          enc_value = Entities.encode_attribute(value)
+        else
+          enc_value = nil
+        end
 
         %Q(#{full_name}="#{enc_value}")
       end

lib/oga/xml/entities.rb

@@ -32,6 +32,20 @@ module Oga
         '<' => '&lt;',
       }
 
+      ##
+      # Hash containing characters and the corresponding XML entities to use
+      # when encoding XML/HTML attribute values.
+      #
+      # @return [Hash]
+      #
+      ENCODE_ATTRIBUTE_MAPPING = {
+        '&' => '&amp;',
+        '>' => '&gt;',
+        '<' => '&lt;',
+        "'" => '&apos;',
+        '"' => '&quot;'
+      }
+
       ##
       # @return [String]
       #
@@ -56,6 +70,12 @@ module Oga
       #
       ENCODE_REGEXP = Regexp.new(ENCODE_MAPPING.keys.join('|'))
 
+      ##
+      # @return [Regexp]
+      #
+      ENCODE_ATTRIBUTE_REGEXP =
+        Regexp.new(ENCODE_ATTRIBUTE_MAPPING.keys.join('|'))
+
       ##
       # Decodes XML entities.
       #
@@ -87,6 +107,16 @@ module Oga
       def self.encode(input, mapping = ENCODE_MAPPING)
         input.gsub(ENCODE_REGEXP, mapping)
       end
+
+      ##
+      # Encodes special characters in an XML attribute value.
+      #
+      # @param [String] input
+      # @return [String]
+      #
+      def self.encode_attribute(input)
+        input.gsub(ENCODE_ATTRIBUTE_REGEXP, ENCODE_ATTRIBUTE_MAPPING)
+      end
     end # Entities
   end # XML
 end # Oga

spec/oga/xml/attribute_spec.rb

@@ -139,10 +139,10 @@ describe Oga::XML::Attribute do
       attr.to_xml.should == 'xmlns:class=""'
     end
 
-    it 'converts special characters to XML entities' do
+    it 'decodes XML entities' do
-      attr = described_class.new(:name => 'href', :value => '&<>')
+      attr = described_class.new(:name => 'href', :value => %q{&<>'"})
 
-      attr.to_xml.should == 'href="&amp;&lt;&gt;"'
+      attr.to_xml.should == 'href="&amp;&lt;&gt;&apos;&quot;"'
     end
   end
 

spec/oga/xml/entities_spec.rb

@@ -104,4 +104,26 @@ describe Oga::XML::Entities do
       described_class.encode('<').should == '<'
     end
   end
+
+  describe 'encode_attribute' do
+    it 'encodes & as &' do
+      described_class.encode_attribute('&').should == '&'
+    end
+
+    it 'encodes > as >' do
+      described_class.encode_attribute('>').should == '>'
+    end
+
+    it 'encodes < as &gt;' do
+      described_class.encode_attribute('<').should == '&lt;'
+    end
+
+    it 'encodes a single quote as &apos;' do
+      described_class.encode_attribute("'").should == '&apos;'
+    end
+
+    it 'encodes a double quote as &quot;' do
+      described_class.encode_attribute('"').should == '&quot;'
+    end
+  end
 end