Permalink
Browse files

[SVG] escape text in attribute values (moritz++)

From: Moritz Lenz <moritz@faui2k3.org>
Date: Fri, 4 Sep 2009 15:50:47 +0200
Subject: [PATCH] escape <>&" in plain text
  • Loading branch information...
1 parent 21346b6 commit 686bdbf662531c81a30eab8af9cd7d2b8bcb9dae @masak committed Sep 4, 2009
Showing with 26 additions and 1 deletion.
  1. +12 −1 lib/SVG.pm
  2. +14 −0 t/escaping.t
View
@@ -37,10 +37,20 @@ class SVG {
[~] @attrs>>.fmt: ' %s="%s"';
}
+ sub escape($str) {
+ my %charmap =
+ '>' => '&gt;',
+ '<' => '&lt;',
+ '"' => '&quot;',
+ '&' => '&amp;',
+ ;
+ $str.subst( rx{ <[<>&"]> }, { %charmap{$_} }, :g);
+ }
+
sub visit(@list) {
[~] @list.map: -> $node {
if $node ~~ Str {
- $node;
+ escape($node);
}
else {
my ($name, $subtree) = $node.kv;
@@ -105,3 +115,4 @@ significant contributions made by Daniel Schröer.
=end pod
+# vim: ft=perl6 sw=4 ts=4 expandtab
View
@@ -0,0 +1,14 @@
+use v6;
+BEGIN { @*INC.push: 'lib', '../lib' };
+
+use SVG;
+use Test;
+plan *;
+ok SVG.serialize('a' => [ :b<c>, '<foo>' ]) !~~ / '<foo>' /,
+ 'plain text is escaped (<>)';
+ok SVG.serialize('a' => [ :b<c>, '&' ]) ~~ / '&amp;' /,
+ 'plain text is escaped (&)';
+ok SVG.serialize('a' => [ :b<c>, 'a"b' ]) !~~ / 'a"b' /,
+ 'plain text is escaped (")';
+
+done_testing;

0 comments on commit 686bdbf

Please sign in to comment.