From 7b045525b09665cee70648b60c0c514f46c81990 Mon Sep 17 00:00:00 2001
From: Yusuke Wada
Date: Sun, 13 Aug 2023 10:33:54 +0900
Subject: [PATCH 1/3] fix: escape a single quote
---
 src/util.js | 5 ++++-
 test/render.test.js | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/util.js b/src/util.js
index bc80ea48..42ddff0a 100644
--- a/src/util.js
+++ b/src/util.js
@@ -5,7 +5,7 @@ export const HTML_LOWER_CASE = /^accessK|^auto[A-Z]|^ch|^col|cont|cross|dateT|en
 export const SVG_CAMEL_CASE = /^ac|^ali|arabic|basel|cap|clipPath$|clipRule$|color|dominant|enable|fill|flood|font|glyph[^R]|horiz|image|letter|lighting|marker[^WUH]|overline|panose|pointe|paint|rendering|shape|stop|strikethrough|stroke|text[^L]|transform|underline|unicode|units|^v[^i]|^w|^xH/;
 // DOM properties that should NOT have "px" added when numeric
-const ENCODED_ENTITIES = /["&<]/;
+const ENCODED_ENTITIES = /["'&<]/;
 /** @param {string} str */
 export function encodeEntities(str) {
@@ -26,6 +26,9 @@ export function encodeEntities(str) {
 case 38:
 ch = '&';
 break;
+ case 39:
+ ch = ''';
+ break;
 case 60:
 ch = '<';
 break;
diff --git a/test/render.test.js b/test/render.test.js
index e6b6fe1c..050b6388 100644
--- a/test/render.test.js
+++ b/test/render.test.js
@@ -213,8 +213,8 @@ describe('render', () => {
 });
 it('should encode entities', () => {
- let rendered = render(
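Review bot: In src/util.js the escaped-character set is now maintained in two places, the `ENCODED_ENTITIES` regex (first hunk) and the `switch` cases in `encodeEntities` (second hunk), and the only comment above the regex, `// DOM properties that should NOT have "px" added when numeric`, describes something unrelated. I would replace it with `// Characters encodeEntities() rewrites as entities; keep in sync with its switch cases.` so that a later addition to one list alone does not silently leave a character unescaped. The body of `encodeEntities` starts and ends outside both hunks, so how the regex gates the loop cannot be confirmed from here. As printed on this page the replacement literals read `'&'`, `'''` and `'<'`, which looks like the entities were decoded in rendering; take the real strings from the repository rather than from this listing.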
&'}>{'"<>&'}
), - expected = `
"<>&
`; + let rendered = render(
&'}>{'"\'<>&'}
), + expected = `
"'<>&
`;
 expect(rendered).to.equal(expected);
 });
From 897516e8c01fcb2c040e782a78eb1a933ec610c4 Mon Sep 17 00:00:00 2001
From: Yusuke Wada
Date: Sun, 13 Aug 2023 10:43:43 +0900
Subject: [PATCH 2/3] changeset
---
 .changeset/quiet-dragons-lay.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/quiet-dragons-lay.md
diff --git a/.changeset/quiet-dragons-lay.md b/.changeset/quiet-dragons-lay.md
new file mode 100644
index 00000000..b92ad514
--- /dev/null
+++ b/.changeset/quiet-dragons-lay.md
@@ -0,0 +1,5 @@
+---
+"preact-render-to-string": patch
+---
+
+fix: escape a single quote
From 345fcc7ba96a0bfd67a4172a4b2f55f15834a871 Mon Sep 17 00:00:00 2001
From: Ryan Christian <33403762+rschristian@users.noreply.github.com>
Date: Wed, 23 Aug 2023 00:36:08 -0500
Subject: [PATCH 3/3] Update .changeset/quiet-dragons-lay.md
---
 .changeset/quiet-dragons-lay.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.changeset/quiet-dragons-lay.md b/.changeset/quiet-dragons-lay.md
index b92ad514..33aa11c2 100644
--- a/.changeset/quiet-dragons-lay.md
+++ b/.changeset/quiet-dragons-lay.md
@@ -1,5 +1,5 @@
 ---
-"preact-render-to-string": patch
+"preact-render-to-string": major
 ---
 fix: escape a single quote