From 318ad1e31b0e50959e4df4912a0d48cd5a80b216 Mon Sep 17 00:00:00 2001 From: Loic Denuziere Date: Thu, 13 Sep 2018 19:01:08 +0200 Subject: [PATCH] Fix #1023: HTML escaping in HtmlTextWriter --- src/compiler/WebSharper.Core/Resources.fs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/compiler/WebSharper.Core/Resources.fs b/src/compiler/WebSharper.Core/Resources.fs index 079f573dd..7c31425de 100644 --- a/src/compiler/WebSharper.Core/Resources.fs +++ b/src/compiler/WebSharper.Core/Resources.fs @@ -22,6 +22,7 @@ module WebSharper.Core.Resources open System open System.IO +open System.Net open System.Reflection module CT = ContentTypes @@ -43,9 +44,6 @@ type HtmlTextWriter(w: TextWriter, indentString: string) = let mutable tagStack = System.Collections.Generic.Stack() let currentAttributes = ResizeArray() - let encodeText (text: string) = - text // TODO dotnet: do encode - new (w) = new HtmlTextWriter(w, "\t") override this.Write(c: char) = w.Write(c) @@ -88,8 +86,8 @@ type HtmlTextWriter(w: TextWriter, indentString: string) = this.Write(">") member this.WriteEncodedText(text: string) = - this.Write(encodeText text) - + WebUtility.HtmlEncode(text, w) + member this.AddAttribute(name: string, value: string) = currentAttributes.Add(struct (name, value)) @@ -97,7 +95,9 @@ type HtmlTextWriter(w: TextWriter, indentString: string) = this.WriteAttribute(name, value, false) member this.WriteAttribute(name: string, value: string, encoded: bool) = - this.Write(" {0}=\"{1}\"", name, encodeText value) + this.Write(" {0}=\"", name) + WebUtility.HtmlEncode(value, w) + this.Write("\"") #endif