Merge pull request #2054 from SiboVG/issue-2051

[#2051] Sanitize some XML content
This commit is contained in:
Sibo Van Gool 2023-02-16 05:12:30 +01:00 committed by GitHub
commit f63acc25fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 4 deletions

View File

@ -627,7 +627,7 @@ public class OpenRocketSaver extends RocketSaver {
private void writeElement(String element, Object content) throws IOException {
if (content == null)
content = "";
writeln("<" + element + ">" + content + "</" + element + ">");
writeln("<" + element + ">" + TextUtil.escapeXML(content) + "</" + element + ">");
}

View File

@ -40,8 +40,9 @@ public class RocketComponentSaver {
ComponentPreset preset = c.getPresetComponent();
if (preset != null) {
elements.add("<preset type=\"" + preset.getType() +
"\" manufacturer=\"" + preset.getManufacturer().getSimpleName() +
"\" partno=\"" + preset.getPartNo() + "\" digest=\"" + preset.getDigest() + "\"/>");
"\" manufacturer=\"" + TextUtil.escapeXML(preset.getManufacturer().getSimpleName()) +
"\" partno=\"" + TextUtil.escapeXML(preset.getPartNo()) + "\" digest=\"" +
preset.getDigest() + "\"/>");
}
// Save outside appearance

View File

@ -156,7 +156,11 @@ public class TextUtil {
*
* The result is both valid XML and HTML 2.0. The majority of characters are left unchanged.
*/
public static String escapeXML(String s) {
public static String escapeXML(Object obj) {
if (obj == null) {
return "";
}
String s = obj.toString();
StringBuilder sb = new StringBuilder(s.length());
for (int i = 0; i < s.length(); i++) {