Skip to content
Browse files

Merge pull request #3 from rlidwka/xmlescape

XML entities aren't escaped
  • Loading branch information...
2 parents 580613d + 4dce3ee commit 58cb1a61a84803db9ee9942dedee928c8103cabd @stevegraham committed Jan 10, 2013
Showing with 11 additions and 2 deletions.
  1. +11 −2 lib/twilio.js
View
13 lib/twilio.js
@@ -323,15 +323,24 @@ module.exports = (function() {
level--;
}
+ var xmlEncode = function(text) {
+ return String(text)
+ .replace(/&/g, '&')
+ .replace(/\"/g, '"')
+ .replace(/\'/g, ''')
+ .replace(/</g, '&lt;')
+ .replace(/>/g, '&gt;')
+ }
+
var toAttributes = function(obj) {
var string = "";
- for (key in obj) { string += " " + key + "=" + "\"" + obj[key] + "\"" }
+ for (key in obj) { string += " " + key + "=" + "\"" + xmlEncode(obj[key]) + "\"" }
return string;
}
var commonElement = function(verb) {
return function(str, attributes) {
- append("<" + verb + toAttributes(attributes) + ">" + str + "</" + verb + ">");
+ append("<" + verb + toAttributes(attributes) + ">" + xmlEncode(str) + "</" + verb + ">");
}
}

0 comments on commit 58cb1a6

Please sign in to comment.
Something went wrong with that request. Please try again.