authorRichard Hughes <richard@hughsie.com>2018-01-30 23:03:59 +0000
committerRichard Hughes <richard@hughsie.com>2018-08-04 11:18:10 +0100
commit3193b4de82d1768812f1ad51d1cd4c8efac6e604 (patch)
tree548f0e571c480eff7ef6ccdd781ffe98bf9d9219
parent889b75acf7f6f03d18b5d798a89abe09dc3027f4 (diff)
Never include '&' in attribute values0_5_X
Fixes: https://github.com/hughsie/lvfs-website/issues/33
-rw-r--r--libappstream-glib/as-node.c7
-rw-r--r--libappstream-glib/as-self-test.c6
2 files changed, 9 insertions, 4 deletions
diff --git a/libappstream-glib/as-node.c b/libappstream-glib/as-node.c
index a953e72..cd79301 100644
--- a/libappstream-glib/as-node.c
+++ b/libappstream-glib/as-node.c
@@ -222,12 +222,17 @@ as_node_get_attr_string (AsNodeData *data)
str = g_string_new ("");
for (l = data->attrs; l != NULL; l = l->next) {
+ g_autoptr(GString) value_safe = NULL;
attr = l->data;
if (g_strcmp0 (attr->key, "@comment") == 0 ||
g_strcmp0 (attr->key, "@comment-tmp") == 0)
continue;
+ value_safe = g_string_new (attr->value);
+ as_utils_string_replace (value_safe, "&", "&amp;");
+ as_utils_string_replace (value_safe, "<", "&lt;");
+ as_utils_string_replace (value_safe, ">", "&gt;");
g_string_append_printf (str, " %s=\"%s\"",
- attr->key, attr->value);
+ attr->key, value_safe->str);
}
return g_string_free (str, FALSE);
}
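Review bot: The new escaping before `g_string_append_printf` covers `&`, `<` and `>` but not `"`, although the value is written between double quotes by the `" %s=\"%s\""` format. An attribute value containing a double quote would still close the attribute early, giving malformed XML or an extra attribute in the serialized output. Adding `as_utils_string_replace (value_safe, "\"", "&quot;");` after the `>` replacement closes that gap. `attr->key` is also emitted unescaped; presumably keys come from a fixed vocabulary, but that is not visible here and is worth confirming. The start of as_node_get_attr_string lies outside the hunk.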
diff --git a/libappstream-glib/as-self-test.c b/libappstream-glib/as-self-test.c
index 81491df..25d39c5 100644
--- a/libappstream-glib/as-self-test.c
+++ b/libappstream-glib/as-self-test.c
@@ -946,7 +946,7 @@ as_test_checksum_func (void)
AsNode *n;
AsNode *root;
GString *xml;
- const gchar *src = "<checksum filename=\"fn.cab\" target=\"container\" type=\"sha1\">12345</checksum>";
+ const gchar *src = "<checksum filename=\"f&amp;n.cab\" target=\"container\" type=\"sha1\">12&amp;45</checksum>";
gboolean ret;
g_autofree AsNodeContext *ctx = NULL;
g_autoptr(AsChecksum) csum = NULL;
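Review bot: The updated `src` fixture puts only `&amp;` into the `filename` attribute, so the `<` and `>` replacements added in as-node.c are never exercised, and no case covers a value containing a double quote. Extending the attribute to something like `filename=\"f&amp;n&lt;&gt;&quot;.cab\"` (constructed sample), with the matching expected filename in the verify section, would pin the serializer's output for every character that is unsafe inside a quoted attribute. The round-trip comparison is outside this hunk, so this assumes the test compares the regenerated XML against `src`.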
@@ -976,8 +976,8 @@ as_test_checksum_func (void)
/* verify */
g_assert_cmpint (as_checksum_get_kind (csum), ==, G_CHECKSUM_SHA1);
g_assert_cmpint (as_checksum_get_target (csum), ==, AS_CHECKSUM_TARGET_CONTAINER);
- g_assert_cmpstr (as_checksum_get_filename (csum), ==, "fn.cab");
- g_assert_cmpstr (as_checksum_get_value (csum), ==, "12345");
+ g_assert_cmpstr (as_checksum_get_filename (csum), ==, "f&n.cab");
+ g_assert_cmpstr (as_checksum_get_value (csum), ==, "12&45");
/* back to node */
root = as_node_new ();