Escape field values for XML-unsafe characters (#177)

* Escape field values for XML-unsafe characters

* String equality check ===
Tim Mickel 2016-09-13 17:51:17 -04:00 committed by GitHub
parent 08b40b4d1d
commit 6b08b95b97
2 changed files with 27 additions and 1 deletions


@ -1,4 +1,5 @@
var adapter = require('./adapter'); var adapter = require('./adapter');
var xmlEscape = require('../util/xml-escape');
/** /**
* @fileoverview * @fileoverview
@ -369,8 +370,12 @@ Blocks.prototype.blockToXML = function (blockId) {
// Add any fields on this block. // Add any fields on this block.
for (var field in block.fields) { for (var field in block.fields) {
var blockField = block.fields[field]; var blockField = block.fields[field];
var value = blockField.value;
if (typeof value === 'string') {
value = xmlEscape(blockField.value);
}
xmlString += '<field name="' + blockField.name + '">' + xmlString += '<field name="' + blockField.name + '">' +
blockField.value + '</field>'; value + '</field>';
} }
// Add blocks connected to the next connection. // Add blocks connected to the next connection.
if (block.next) { if (block.next) {
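Review bot: `blockField.name` is still concatenated unescaped into the `name="…"` attribute on the `xmlString +=` line, so the fix covers the element text but not the attribute; a name containing `"`, `<` or `&` would yield malformed or restructured XML just as an unescaped value did. Escaping it as well, `xmlString += '<field name="' + xmlEscape(String(blockField.name)) + '">' +`, closes that gap. The `typeof value === 'string'` guard also lets non-string values through unescaped; if those can ever be objects, `xmlEscape(String(value))` would cover them, though whether that happens is not visible here. `blockToXML` begins and ends outside this hunk, so other concatenations in it may need the same treatment.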

21
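--- /dev/null
+++ b/src/util/xml-escape.js
@@ -0,0 +1,21 @@
+/**
+* Escape a string to be safe to use in XML content.
+* CC-BY-SA: hgoebl
+* https://stackoverflow.com/questions/7918868/
+* how-to-escape-xml-entities-in-javascript
+* @param {!string} unsafe Unsafe string.
+* @return {string} XML-escaped string, for use within an XML tag.
+*/
+var xmlEscape = function (unsafe) {
+return unsafe.replace(/[<>&'"]/g, function (c) {
+switch (c) {
+case '<': return '&lt;';
+case '>': return '&gt;';
+case '&': return '&amp;';
+case '\'': return '&apos;';
+case '"': return '&quot;';
+}
+});
+};
+module.exports = xmlEscape;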
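Review bot: `xmlEscape` replaces the five markup characters but passes through control characters that XML 1.0 does not allow at all (U+0000–U+0008, U+000B, U+000C, U+000E–U+001F), so a field value containing one still yields a document that a conforming parser rejects. Consider stripping them before the entity replacement, e.g. `unsafe = unsafe.replace(/[\x00-\x08\x0B\x0C\x0E-\x1F]/g, '');`, or documenting in the header comment that callers must filter them. The docstring could also state that the result is safe in both element text and quoted attribute values, since both quote characters are escaped, and that a non-string argument throws from `.replace`.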