mirror of
https://github.com/scratchfoundation/scratch-vm.git
synced 2025-01-11 10:39:56 -05:00
Escape field values for XML-unsafe characters (#177)
* Escape field values for XML-unsafe characters * String equality check ===
parent
08b40b4d1d
commit
6b08b95b97
2 changed files with 27 additions and 1 deletions
|
@ -1,4 +1,5 @@
|
||||||
var adapter = require('./adapter');
|
var adapter = require('./adapter');
|
||||||
|
var xmlEscape = require('../util/xml-escape');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @fileoverview
|
* @fileoverview
|
||||||
|
@ -369,8 +370,12 @@ Blocks.prototype.blockToXML = function (blockId) {
|
||||||
// Add any fields on this block.
|
// Add any fields on this block.
|
||||||
for (var field in block.fields) {
|
for (var field in block.fields) {
|
||||||
var blockField = block.fields[field];
|
var blockField = block.fields[field];
|
||||||
|
var value = blockField.value;
|
||||||
|
if (typeof value === 'string') {
|
||||||
|
value = xmlEscape(blockField.value);
|
||||||
|
}
|
||||||
xmlString += '<field name="' + blockField.name + '">' +
|
xmlString += '<field name="' + blockField.name + '">' +
|
||||||
blockField.value + '</field>';
|
value + '</field>';
|
||||||
}
|
}
|
||||||
// Add blocks connected to the next connection.
|
// Add blocks connected to the next connection.
|
||||||
if (block.next) {
|
if (block.next) {
|
||||||
|
|
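Review bot: In the field loop of `blockToXML`, only the field value goes through `xmlEscape`; `blockField.name` is still concatenated unescaped into the `name="..."` attribute, so a name containing `"`, `<` or `&` would still produce malformed or restructured XML. If field names can originate from loaded project data, escape them the same way, e.g. `'<field name="' + xmlEscape(String(blockField.name)) + '">'`. As a smaller style point, `value = xmlEscape(blockField.value);` can read `value = xmlEscape(value);` since the local was just assigned. `blockToXML` starts and ends outside this hunk, so any other values it concatenates into the XML string should be checked for the same gap.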
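--- a/src/util/xml-escape.js
+++ b/src/util/xml-escape.js
@@ -0,0 +1,21 @@
+/**
+* Escape a string to be safe to use in XML content.
+* CC-BY-SA: hgoebl
+* https://stackoverflow.com/questions/7918868/
+* how-to-escape-xml-entities-in-javascript
+* @param {!string} unsafe Unsafe string.
+* @return {string} XML-escaped string, for use within an XML tag.
+*/
+var xmlEscape = function (unsafe) {
+return unsafe.replace(/[<>&'"]/g, function (c) {
+switch (c) {
+case '<': return '<';
+case '>': return '>';
+case '&': return '&';
+case '\'': return ''';
+case '"': return '"';
+}
+});
+};
+
+module.exports = xmlEscape;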
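Review bot: `xmlEscape` rewrites only the five markup characters, so a value containing a character that XML 1.0 does not permit at all (most C0 control characters) would still serialize to a document a conforming parser rejects. The doc comment's "safe to use in XML content" should state that limit, for example `* Note: does not remove characters that are invalid in XML 1.0.`, or the function should strip them. As rendered on this page the replacement strings equal the characters they match (`case '<': return '<';`), which looks like the page decoding the entity references rather than the committed code, so confirm against the repository that each case returns its entity form. The commit lists 2 changed files and neither appears to be a test; a small unit test covering each of the five characters and a string containing none of them would pin the behaviour.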