Escape attribute values and string DOMs when inserting them

* lisp/net/shr.el (shr-dom-print): Escape these strings, as done
in `dom-print', to prevent producing an erroneous XML document.
* test/lisp/net/shr-tests.el (dom-print-escape): Add new test
(Bug#80383).

lisp/net/shr.el

@@ -1535,13 +1535,15 @@ ones, in case fg and bg are nil."
     ;; Ignore attributes that start with a colon because they are
     ;; private elements.
     (unless (= (aref (format "%s" (car attr)) 0) ?:)
-      (insert (format " %s=\"%s\"" (car attr) (cdr attr)))))
+      (insert (format " %s=\"%s\""
+                      (car attr)
+                      (url-insert-entities-in-string (cdr attr))))))
   (insert ">")
   (let (url)
     (dolist (elem (dom-children dom))
       (cond
        ((stringp elem)
-	(insert elem))
+	(insert (url-insert-entities-in-string elem)))
        ((eq (dom-tag elem) 'comment)
 	)
        ((or (not (eq (dom-tag elem) 'image))

test/lisp/net/shr-tests.el

@@ -183,6 +183,21 @@ settings, then once more for each (OPTION . VALUE) pair.")
                                (point-max))))
               (should (equal image-zooms '(original))))))))))
 
+(ert-deftest dom-print-escape ()
+  ;; This is a DOM as parsed by `libxml-parse-xml-region'.
+  (let ((svg-string (concat "<svg width=\"100\" height=\"100\""
+                            " version=\"1.1\" "
+                            "xmlns=\"http://www.w3.org/2000/svg\" "
+                            "xmlns:xlink=\"http://www.w3.org/1999/xlink\"> "
+                            "<text>&amp; &gt;.&lt;</text>"
+                            "</svg>"))
+        (dom '(svg ((width . "100") (height . "100") (version . "1.1") (xmlns . "http://www.w3.org/2000/svg")
+                    (xmlns:xlink . "http://www.w3.org/1999/xlink"))
+                   (text nil "& >.<"))))
+    (with-temp-buffer
+      (shr-dom-print dom)
+      (should (equal svg-string (buffer-string))))))
+
 (require 'shr)
 
 ;;; shr-tests.el ends here