Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixes #70: serialize() escaped attribute values incorrectly.

  • Loading branch information...
commit 8f1b18e66314c25cfecc4098089f65486252a1df 1 parent f82cabf
@metajack metajack authored
Showing with 15 additions and 1 deletion.
  1. +3 −1 src/core.js
  2. +12 −0 tests/tests.js
View
4 src/core.js
@@ -771,7 +771,9 @@ Strophe = {
if(elem.attributes[i].nodeName != "_realname") {
result += " " + elem.attributes[i].nodeName.toLowerCase() +
"='" + elem.attributes[i].value
- .replace("'", "'").replace("&", "&") + "'";
+ .replace("&", "&")
+ .replace("'", "'")
+ .replace("<", "&lt;") + "'";
}
}
View
12 tests/tests.js
@@ -95,6 +95,18 @@ $(document).ready(function () {
}
});
+ test("Builder with XML attribute escaping test", function () {
+ var text = "<b>";
+ var expected = "<presence to='&lt;b>' xmlns='jabber:client'/>";
+ var pres = $pres({to: text});
+ equals(pres.toString(), expected, "< should be escaped");
+
+ text = "foo&bar";
+ expected = "<presence to='foo&amp;bar' xmlns='jabber:client'/>";
+ pres = $pres({to: text});
+ equals(pres.toString(), expected, "& should be escaped");
+ });
+
module("XML");
test("XML escaping test", function () {
Please sign in to comment.
Something went wrong with that request. Please try again.