DefaultHtmlSerializer#serialize() should encode entities in attribute nodes

Currently DefaultHtmlSerializer#serialize() will run attribute values through printAttributeValue() which contains an incomplete list of entities.

This change will use Escaping.escapeXml() instead, which escapes all html entities.

http://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/lexer/escaping/Escaping.java#200

[Paul Lindner, 2010-09-19 01:25:21]

lgtm