Regarding the same idea of #984, we're migrating an app to newer Ruby/Rails versions, and it seems that the 4.x behavior isn't complete with just escape_interpolated_html, as the attributes are being a little weird.

On 4.x:

Haml::Engine.new(%{ %a{ :href => '/', :'@click' => "callback('a')" } link }.strip).render
=> <a @click="callback('a')" href='/'>link</a>

On 5.1.2:

Haml::Engine.new(%{ %a{ :href => '/', :'@click' => "callback('a')" } link }.strip).render
=> <a @click='callback(&#39;a&#39;)' href='/'>link</a>

This change breaks the inline templates for libraries like Vue. Digging in the code, I find escape_attrs, which doesn't help on either version, both outputting:

Haml::Engine.new(%{ %a{ :href => '/', :'@click' => "callback('a')" } link }.strip, :escape_attrs => false ).render
=> <a @click='callback('a')' href='/'>link</a>

Is this the expected output? I'm not seeing a case in which I would like to break out of the attribute value, I think this is a security issue.

I found that the attr_wrapper option can be assigned to a symbol that will wrap the attribute (single quotes by default), but this would break whenever the attribute value has the same value.

My proposal is to call inspect for the attribute value:

"callback('a', \"b\")".inspect
=> "callback('a', \"b\")"

Does that make sense? Should I start working on a PR or is it part of the spec or wontfix?