HTML.escape and XML.escape

[straight-shoota]

With #5012 being merged (thanks @asterite and @akzhan) we now have both HTML.escape and XML.escape which are mostly identical. The only difference is that HTML escapes ' as ' and XML as '. This is because ' is an entity in XML, XHTML and HTML5, but not in legacy HTML. Though you could also escape XML with ' and almost all HTML appliances would be fine with '.

So I'm not 100% sure about it, but I think it makes sense to keep both implementations with this little difference.

However, I'd suggest to use the same API for both, which means implementing XML.escape(String, IO) similar to it's HTML counterpart.
And the documentation for the HTML parts should be copied and adapted to XML. It would also be nice to reference each from the other.

[asterite]

I think we can safely remove XML.escape because for creating XML one can use an XML::Builder. Plus no such thing exists in, for example, Nokogiri, which is a library that also wraps libxml.

[straight-shoota]

True, there shouldn't be too many actual use-cases.
In the case that someone wants to have a plain string escaped (maybe for an XML template instead of a builder), it's safe to use HTML.escape which is also valid for XML.

[straight-shoota]

To keep the reference: XML.escape was introduced by #2455 to provide a JUnit formatter for specs, though that has been refactored to use a builder.