Don't forget to escape XML in attributes. Thanks to the Postgres Q&A room on conference.jabber.org :)

Wed, 19 Nov 2008 05:02:13 +0000

author
Matthew Wild <mwild1@gmail.com>
date
Wed, 19 Nov 2008 05:02:13 +0000
changeset 338
804f5e62a41f
parent 337
4a1dd1c2c219
child 339
c6446bbfe40c

Don't forget to escape XML in attributes. Thanks to the Postgres Q&A room on conference.jabber.org :)

--- a/util/stanza.lua	Tue Nov 18 22:41:04 2008 +0000
+++ b/util/stanza.lua	Wed Nov 19 05:02:13 2008 +0000
@@ -103,7 +103,7 @@
 
 	local attr_string = "";
 	if t.attr then
-		for k, v in pairs(t.attr) do if type(k) == "string" then attr_string = attr_string .. s_format(" %s='%s'", k, tostring(v)); end end
+		for k, v in pairs(t.attr) do if type(k) == "string" then attr_string = attr_string .. s_format(" %s='%s'", k, xml_escape(tostring(v))); end end
 	end
 	return s_format("<%s%s>%s</%s>", t.name, attr_string, children_text, t.name);
 end
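Review bot: The attribute value is written between single quotes in `s_format(" %s='%s'", k, xml_escape(tostring(v)))`, so the new escaping only prevents attribute break-out if `xml_escape` also rewrites `'` (as well as `&` and `<`). Its definition is outside this hunk and should be checked, and a comment such as `-- xml_escape must cover ' because attributes are single-quoted` next to the loop would record the dependency. The attribute name `k` and `t.name` are still interpolated unescaped; if they can come from a parsed remote stanza rather than local code, they should be validated as XML names before serialisation. The same applies to the identical loop in `stanza_mt.top_tag` in the next hunk. The enclosing function here begins above the hunk, so how `children_text` is built and escaped is not visible.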
@@ -111,7 +111,7 @@
 function stanza_mt.top_tag(t)
 	local attr_string = "";
 	if t.attr then
-		for k, v in pairs(t.attr) do if type(k) == "string" then attr_string = attr_string .. s_format(" %s='%s'", k, tostring(v)); end end
+		for k, v in pairs(t.attr) do if type(k) == "string" then attr_string = attr_string .. s_format(" %s='%s'", k, xml_escape(tostring(v))); end end
 	end
 	return s_format("<%s%s>", t.name, attr_string);
 end
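Review bot: The attribute loop in `stanza_mt.top_tag` is a byte-for-byte copy of the one in the preceding function, which is why the escaping had to be patched in two places. A single local helper would keep the output encoding in one spot, so a serialiser added later cannot miss it. Collecting the pieces in a table also avoids the repeated `..` concatenation. The sketch below assumes `xml_escape` and `s_format` are locals already in scope at that point in the file.

```lua
-- Shared by every serialiser so attribute escaping lives in one place.
local function attr_to_string(attr)
	local parts = {};
	for k, v in pairs(attr or {}) do
		if type(k) == "string" then
			parts[#parts + 1] = s_format(" %s='%s'", k, xml_escape(tostring(v)));
		end
	end
	return table.concat(parts);
end

function stanza_mt.top_tag(t)
	return s_format("<%s%s>", t.name, attr_to_string(t.attr));
end
```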
