Merge pull request #2054 from SiboVG/issue-2051

[#2051] Sanitize some XML content

core/src/net/sf/openrocket/file/openrocket/OpenRocketSaver.java

@@ -627,7 +627,7 @@ public class OpenRocketSaver extends RocketSaver {
 	private void writeElement(String element, Object content) throws IOException {
 		if (content == null)
 			content = "";
-		writeln("<" + element + ">" + content + "</" + element + ">");
+		writeln("<" + element + ">" + TextUtil.escapeXML(content) + "</" + element + ">");
 	}
 	
 	

core/src/net/sf/openrocket/file/openrocket/savers/RocketComponentSaver.java

@@ -40,8 +40,9 @@ public class RocketComponentSaver {
 		ComponentPreset preset = c.getPresetComponent();
 		if (preset != null) {
 			elements.add("<preset type=\"" + preset.getType() +
-					"\" manufacturer=\"" + preset.getManufacturer().getSimpleName() +
-					"\" partno=\"" + preset.getPartNo() + "\" digest=\"" + preset.getDigest() + "\"/>");
+					"\" manufacturer=\"" + TextUtil.escapeXML(preset.getManufacturer().getSimpleName()) +
+					"\" partno=\"" + TextUtil.escapeXML(preset.getPartNo()) + "\" digest=\"" +
+					preset.getDigest() + "\"/>");
 		}
 
 		// Save outside appearance

core/src/net/sf/openrocket/util/TextUtil.java

@@ -156,7 +156,11 @@ public class TextUtil {
 	 * 
 	 * The result is both valid XML and HTML 2.0.  The majority of characters are left unchanged.
 	 */
-	public static String escapeXML(String s) {
+	public static String escapeXML(Object obj) {
+		if (obj == null) {
+			return "";
+		}
+		String s = obj.toString();
 		StringBuilder sb = new StringBuilder(s.length());
 		
 		for (int i = 0; i < s.length(); i++) {