Halo source view incorrectly displaying entity characters

[GoogleCodeExporter]

Although our rendering generates entities for, e.g., quotation marks ("), the 
halo source view seems to display the original characters (or rather, it 
probably displays the entities, but they get interpreted by the browser -- we 
need a second level of encoding, which you would think would be happening 
automatically).

From Issue 640, Comment 21:
---------------------
Hmm.. perhaps I wasn't being clear.

If the actual source is:

<body onload="javascript:alert(&quot;foo&quot;)">

Then I think the halo source view should be outputting:

&lt;body onload=&quot;javascript:alert(&amp;quot;foo&amp;quot;)&quot;&gt;

(well, it also adds styling, but I'm ignoring that for the instant) I think 
that *should* cause the browser to display things correctly.

I imagine we must be encoding some entities there, since we output entities 
whenever we output HTML content, but maybe we're missing the &amp; or something?
--------------------

From Issue 640, Comment 23:

--------------------
I think the halo implementation is wrong

If we do

    html heading
        title: '"&'''; "first is a double quote, last is a single quote"
        with: '"&''' "first is a double quote, last is a single quote"

then we output

  <h1 title="&quot;&amp;'">&quot;&amp;'</h1>

However the halo will display

  <h1 title=""&'">"&'</h1>

Which has better readability but is inconsistent.

another example is

    html heading
        title: '&foo;';
        with: '&foo;'

will render as 

  <h1 title="&amp;foo;">&amp;foo;</h1>

but show up as

  <h1 title="&foo;">&foo;</h1>
------------------------

Original issue reported on code.google.com by jfitz...@gmail.com on 9 Feb 2011 at 10:46