Always escape quotes in XML files.

This commit is contained in:
Moritz Bunkus 2005-09-18 19:01:25 +00:00
parent 388bac2386
commit 1f376290a2
3 changed files with 8 additions and 9 deletions

View File

@ -901,8 +901,7 @@ unescape(const string &source) {
}
string
escape_xml(const string &source,
bool escape_quotes) {
escape_xml(const string &source) {
string dst;
string::const_iterator src;
@ -914,7 +913,7 @@ escape_xml(const string &source,
dst += ">";
else if (*src == '<')
dst += "&lt;";
else if (escape_quotes && (*src == '"'))
else if (*src == '"')
dst += "&quot;";
else
dst += *src;
@ -933,7 +932,7 @@ create_xml_node_name(const char *name,
node_name = string("<") + name;
for (i = 0; (NULL != atts[i]) && (NULL != atts[i + 1]); i += 2)
node_name += string(" ") + atts[i] + "=\"" +
escape_xml(atts[i + 1], true) + "\"";
escape_xml(atts[i + 1]) + "\"";
node_name += ">";
return node_name;

View File

@ -238,7 +238,7 @@ void MTX_DLL_API strip(string &s, bool newlines = false);
void MTX_DLL_API strip(vector<string> &v, bool newlines = false);
string MTX_DLL_API escape(const string &src);
string MTX_DLL_API unescape(const string &src);
string MTX_DLL_API escape_xml(const string &src, bool escape_quotes = false);
string MTX_DLL_API escape_xml(const string &src);
string MTX_DLL_API create_xml_node_name(const char *name, const char **atts);
bool MTX_DLL_API starts_with(const string &s, const char *start,
int maxlen = -1);

View File

@ -214,14 +214,14 @@ xml_formatter_c::write_header() {
#endif
m_out->write_bom(m_encoding);
m_out->printf("<?xml version=\"1.0\" encoding=\"%s\"?>\n",
escape_xml(m_encoding, true).c_str());
escape_xml(m_encoding).c_str());
if ((m_dtd != "") && (m_dtd_file != ""))
m_out->printf("\n<!-- DOCTYPE %s SYSTEM \"%s\" -->\n", m_dtd.c_str(),
escape_xml(m_dtd_file, true).c_str());
escape_xml(m_dtd_file).c_str());
if ((m_stylesheet_type != "") && (m_stylesheet_file != ""))
m_out->printf("\n<?xml-stylesheet type=\"%s\" href=\"%s\"?>\n",
escape_xml(m_stylesheet_type, true).c_str(),
escape_xml(m_stylesheet_file, true).c_str());
escape_xml(m_stylesheet_type).c_str(),
escape_xml(m_stylesheet_file).c_str());
m_header_written = true;
}