escape attribute values in SSR

src/generators/server-side-rendering/visitors/shared/stringifyAttributeValue.ts

@@ -11,7 +11,7 @@ export default function stringifyAttributeValue(block: Block, chunks: Node[]) {
 
 			block.contextualise(chunk.expression);
 			const { snippet } = chunk.metadata;
-			return '${' + snippet + '}';
+			return '${__escape(' + snippet + ')}';
 		})
 		.join('');
 }

test/runtime/samples/attribute-dynamic-quotemarks/_config.js

@@ -0,0 +1,3 @@
+export default {
+	html: `<span title='"foo"'>foo</span>`
+};

test/runtime/samples/attribute-dynamic-quotemarks/main.html

@@ -0,0 +1 @@
+<span title='{{"\"foo\""}}'>foo</span>