fix(ssr): should also escape static text content

fix #6345

Author: yyx990803

src/server/optimizing-compiler/codegen.js

@@ -22,8 +22,8 @@ import {
   applyModelTransform
 } from './modules'
 
+import { escape } from 'web/server/util'
 import { optimizability } from './optimizer'
-
 import type { CodegenResult } from 'compiler/codegen/index'
 
 export type StringSegment = {
@@ -222,7 +222,7 @@ function nodesToSegments (
     } else if (c.type === 2) {
       segments.push({ type: INTERPOLATION, value: c.expression })
     } else if (c.type === 3) {
-      segments.push({ type: RAW, value: c.text })
+      segments.push({ type: RAW, value: escape(c.text) })
     }
   }
   return segments

test/ssr/ssr-string.spec.js

@@ -908,6 +908,15 @@ describe('SSR: renderToString', () => {
       done()
     })
   })
+
+  it('should escape static strings', done => {
+    renderVmWithOptions(({
+      template: `<div>&lt;foo&gt;</div>`
+    }), res => {
+      expect(res).toBe(`<div data-server-rendered="true">&lt;foo&gt;</div>`)
+      done()
+    })
+  })
 })
 
 function renderVmWithOptions (options, cb) {