mirror of
https://github.com/scratchfoundation/scratch-vm.git
synced 2024-12-23 14:32:59 -05:00
Escape field values for XML-unsafe characters (#177)
* Escape field values for XML-unsafe characters * String equality check ===
This commit is contained in:
parent
08b40b4d1d
commit
6b08b95b97
2 changed files with 27 additions and 1 deletions
|
@ -1,4 +1,5 @@
|
|||
var adapter = require('./adapter');
|
||||
var xmlEscape = require('../util/xml-escape');
|
||||
|
||||
/**
|
||||
* @fileoverview
|
||||
|
@ -369,8 +370,12 @@ Blocks.prototype.blockToXML = function (blockId) {
|
|||
// Add any fields on this block.
|
||||
for (var field in block.fields) {
|
||||
var blockField = block.fields[field];
|
||||
var value = blockField.value;
|
||||
if (typeof value === 'string') {
|
||||
value = xmlEscape(blockField.value);
|
||||
}
|
||||
xmlString += '<field name="' + blockField.name + '">' +
|
||||
blockField.value + '</field>';
|
||||
value + '</field>';
|
||||
}
|
||||
// Add blocks connected to the next connection.
|
||||
if (block.next) {
|
||||
|
|
21
src/util/xml-escape.js
Normal file
21
src/util/xml-escape.js
Normal file
|
@ -0,0 +1,21 @@
|
|||
/**
|
||||
* Escape a string to be safe to use in XML content.
|
||||
* CC-BY-SA: hgoebl
|
||||
* https://stackoverflow.com/questions/7918868/
|
||||
* how-to-escape-xml-entities-in-javascript
|
||||
* @param {!string} unsafe Unsafe string.
|
||||
* @return {string} XML-escaped string, for use within an XML tag.
|
||||
*/
|
||||
var xmlEscape = function (unsafe) {
|
||||
return unsafe.replace(/[<>&'"]/g, function (c) {
|
||||
switch (c) {
|
||||
case '<': return '<';
|
||||
case '>': return '>';
|
||||
case '&': return '&';
|
||||
case '\'': return ''';
|
||||
case '"': return '"';
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
module.exports = xmlEscape;
|
Loading…
Reference in a new issue