Permalink
Browse files

escape XML in SVG strings

  • Loading branch information...
Tim de Koning
Tim de Koning committed Feb 9, 2012
1 parent e5d92f7 commit 0ed5f8024883c722b50150577e8b6270a4544927
Showing with 16 additions and 4 deletions.
  1. +2 −2 src/text.class.js
  2. +14 −2 src/util/lang_string.js
View
@@ -328,7 +328,7 @@
toFixed(lineTopOffset + (i === 0 ? this._shadowOffsets[j][1] : 0), 2),
'" ',
this._getFillAttributes(this._shadows[j].color), '>',
- textLines[i],
+ fabric.util.string.escapeXml(textLines[i]),
'</tspan>');
lineTopOffsetMultiplier = 1;
} else {
@@ -355,7 +355,7 @@
toFixed(lineTopOffset * lineTopOffsetMultiplier, 2) , '" ',
// doing this on <tspan> elements since setting opacity on containing <text> one doesn't work in Illustrator
this._getFillAttributes(this.fill), '>',
- textLines[i],
+ fabric.util.string.escapeXml(textLines[i]),
'</tspan>'
);
lineTopOffsetMultiplier = 1;
View
@@ -1,3 +1,5 @@
+(function() {
+
if (!String.prototype.trim) {
/**
* Trims a string (removing whitespace from the beginning and the end)
@@ -34,8 +36,18 @@ function capitalize(string) {
return string.charAt(0).toUpperCase() + string.slice(1).toLowerCase();
}
+function escapeXml(string) {
+ return string.replace('&', '&amp;')
+ .replace('"', '&quot;')
+ .replace("'", '&apos;')
+ .replace("<", '&lt;')
+ .replace(">", '&gt;');
+}
+
/** @namespace */
fabric.util.string = {
camelize: camelize,
- capitalize: capitalize
-};
+ capitalize: capitalize,
+ escapeXml: escapeXml
+};
+}());

0 comments on commit 0ed5f80

Please sign in to comment.