Use String#encode for xml_escape filter instead of CGI.escapeHTML

lib/jekyll/filters.rb

@@ -117,7 +117,7 @@ def date_to_rfc822(date)
     #
     # Returns the escaped String.
     def xml_escape(input)
-      CGI.escapeHTML(input.to_s)
+      input.to_s.encode(:xml => :attr).gsub(/\A"|"\Z/, "")
     end
 
     # CGI escape a string for use in a URL. Replaces any special characters
@@ -308,7 +308,7 @@ def sample(input, num = 1)
     #
     # Returns a String representation of the object.
     def inspect(input)
-      CGI.escapeHTML(input.inspect)
+      xml_escape(input.inspect)
     end
 
     private

test/test_filters.rb

@@ -394,6 +394,10 @@ def to_liquid
       should "return a HTML-escaped string representation of an object" do
         assert_equal "{&quot;&lt;a&gt;&quot;=&gt;1}", @filter.inspect({ "<a>" => 1 })
       end
+
+      should "quote strings" do
+        assert_equal "&quot;string&quot;", @filter.inspect("string")
+      end
     end
 
     context "slugify filter" do