escape quotes

Author: keithasaurus

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "simple-html"
-version = "1.1.0"
+version = "1.1.1"
 readme = "README.md"
 description = "Template-less html rendering in Python"
 authors = ["Keith Philpott <fakekeith@example.org>"]

simple_html/__init__.py

@@ -80,7 +80,7 @@ def __hash__(self) -> int:
 
 def escape_attribute_key(k: str) -> str:
     return (
-        escape(k)
+        escape(k, True)
         .replace("=", "=")
         .replace("\\", "\")
         .replace("`", "`")
@@ -121,7 +121,7 @@ def __call__(
                         else escape_attribute_key(key)
                     )
                 if isinstance(val, str):
-                    attrs += f' {key}="{escape(val)}"'
+                    attrs += f' {key}="{escape(val, True)}"'
                 elif isinstance(val, SafeString):
                     attrs += f' {key}="{val.safe_str}"'
                 elif val is None:

tests/test_simple_html.py

@@ -186,8 +186,8 @@ def test_render_with_escaped_attributes() -> None:
         == '<div onmousenter&#x3D;&quot;alert(1)&quot;&nbsp;noop="1"></div>'
     )
     assert (
-        render(span({"<script></script>": ">"}))
-        == '<span &lt;script&gt;&lt;/script&gt;="&gt;"></span>'
+        render(span({"<script>\"</script>": "\">"}))
+        == '<span &lt;script&gt;&quot;&lt;/script&gt;="&quot;&gt;"></span>'
     )
     # vals and keys escape slightly differently
     assert (