Escape quotes in attributes

author: Robin Richtsfeld <robin.richtsfeld@gmail.com> 2018-07-11 20:14:13 +0200
committer: Richard Hughes <richard@hughsie.com> 2018-07-11 19:33:21 +0100
commit: d4fffd203144efa83c2f66a844fbbda59d22b4ad (patch)
tree: 98e25e4aebe5123072fa6c0f6ff713204dac2b6b
parent: 1e574413d3700322ddf3ecf40bd7aeec1080211d (diff)
download: appstream-glib-d4fffd203144efa83c2f66a844fbbda59d22b4ad.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/libappstream-glib/as-node.c b/libappstream-glib/as-node.c
index 7036136..f0d13fc 100644
--- a/libappstream-glib/as-node.c
+++ b/libappstream-glib/as-node.c
@@ -343,6 +343,8 @@ as_node_get_attr_string (AsNodeData *data)
 		as_utils_string_replace (value_safe, "&", "&amp;");
 		as_utils_string_replace (value_safe, "<", "&lt;");
 		as_utils_string_replace (value_safe, ">", "&gt;");
+		as_utils_string_replace (value_safe, "\"", "&quot;");
+		as_utils_string_replace (value_safe, "'", "&apos;");
 		g_string_append_printf (str, " %s=\"%s\"",
 					attr->key, value_safe->str);
 	}
author	Robin Richtsfeld <robin.richtsfeld@gmail.com>	2018-07-11 20:14:13 +0200
committer	Richard Hughes <richard@hughsie.com>	2018-07-11 19:33:21 +0100
commit	d4fffd203144efa83c2f66a844fbbda59d22b4ad (patch)
tree	98e25e4aebe5123072fa6c0f6ff713204dac2b6b
parent	1e574413d3700322ddf3ecf40bd7aeec1080211d (diff)
download	appstream-glib-d4fffd203144efa83c2f66a844fbbda59d22b4ad.tar.gz