html filter should escape single-quotes, too #327
Description
At the moment it only escapes double-quotes, which means constructions like <tag attr='[% var | html %]'> (which is valid per HTML spec - attributes can be single-quoted, double-quoted, or not quoted at all) will break if var has single-quotes in it. I think this just requires an update to the html_filter function regex, but I don't know the library structure super-well so I'm not 100% certain.
(We actually ran into this in the wild with dreamwidth/dreamwidth#3365 )