Software / code / prosody
Changeset
338:804f5e62a41f
Don't forget to escape XML in attributes. Thanks to the Postgres Q&A room on conference.jabber.org :)
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Wed, 19 Nov 2008 05:02:13 +0000 |
| parents | 337:4a1dd1c2c219 |
| children | 339:c6446bbfe40c |
| files | util/stanza.lua |
| diffstat | 1 files changed, 2 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/util/stanza.lua Tue Nov 18 22:41:04 2008 +0000 +++ b/util/stanza.lua Wed Nov 19 05:02:13 2008 +0000 @@ -103,7 +103,7 @@ local attr_string = ""; if t.attr then - for k, v in pairs(t.attr) do if type(k) == "string" then attr_string = attr_string .. s_format(" %s='%s'", k, tostring(v)); end end + for k, v in pairs(t.attr) do if type(k) == "string" then attr_string = attr_string .. s_format(" %s='%s'", k, xml_escape(tostring(v))); end end end return s_format("<%s%s>%s</%s>", t.name, attr_string, children_text, t.name); end @@ -111,7 +111,7 @@ function stanza_mt.top_tag(t) local attr_string = ""; if t.attr then - for k, v in pairs(t.attr) do if type(k) == "string" then attr_string = attr_string .. s_format(" %s='%s'", k, tostring(v)); end end + for k, v in pairs(t.attr) do if type(k) == "string" then attr_string = attr_string .. s_format(" %s='%s'", k, xml_escape(tostring(v))); end end end return s_format("<%s%s>", t.name, attr_string); end
