chore(ssr): use htmlEscape consistently (#5116)

Author: nolanlawson

packages/@lwc/ssr-runtime/src/render.ts

@@ -4,15 +4,19 @@
  * SPDX-License-Identifier: MIT
  * For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/MIT
  */
-import { getOwnPropertyNames, isNull, isString, isUndefined, DEFAULT_SSR_MODE } from '@lwc/shared';
+import {
+    getOwnPropertyNames,
+    isNull,
+    isString,
+    isUndefined,
+    DEFAULT_SSR_MODE,
+    htmlEscape,
+} from '@lwc/shared';
 import { mutationTracker } from './mutation-tracker';
 import { SYMBOL__GENERATE_MARKUP } from './lightning-element';
 import type { LightningElement, LightningElementConstructor } from './lightning-element';
 import type { Attributes, Properties } from './types';
 
-const escapeAttrVal = (attrValue: string) =>
-    attrValue.replaceAll('&', '&').replaceAll('"', '"');
-
 function renderAttrsPrivate(
     instance: LightningElement,
     attrs: Attributes,
@@ -58,7 +62,8 @@ function renderAttrsPrivate(
             }
         }
 
-        result += attrValue === '' ? ` ${attrName}` : ` ${attrName}="${escapeAttrVal(attrValue)}"`;
+        result +=
+            attrValue === '' ? ` ${attrName}` : ` ${attrName}="${htmlEscape(attrValue, true)}"`;
     }
 
     // If we didn't render any `class` attribute, render one for the scope token(s)