Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

XML entities aren't escaped #3

Merged
merged 1 commit into from

2 participants

@rlidwka
require('twilio-js').TwiML.build(function(r) {
    r.gather(function(){}, {
        action: 'http://example.com/query?test=123&test2=456'
    });
})

This code produce incorrect XML because ampersand isn't escaped properly. So Twilio fails to parse it.

I included a quick fix for it, but the best solution probably will be to use a xml library.

@stevegraham
Owner

thanks @rlidwka. which lib do you recommend?

@rlidwka

I didn't use xml in node.js before, so I don't know. Seems like there are a lot of them, and I can't find a perfect one.

@stevegraham stevegraham merged commit 58cb1a6 into stevegraham:master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Nov 13, 2012
  1. @rlidwka

    escape XML entities

    rlidwka authored
This page is out of date. Refresh to see the latest.
Showing with 11 additions and 2 deletions.
  1. +11 −2 lib/twilio.js
View
13 lib/twilio.js
@@ -323,15 +323,24 @@ module.exports = (function() {
level--;
}
+ var xmlEncode = function(text) {
+ return String(text)
+ .replace(/&/g, '&')
+ .replace(/\"/g, '"')
+ .replace(/\'/g, ''')
+ .replace(/</g, '&lt;')
+ .replace(/>/g, '&gt;')
+ }
+
var toAttributes = function(obj) {
var string = "";
- for (key in obj) { string += " " + key + "=" + "\"" + obj[key] + "\"" }
+ for (key in obj) { string += " " + key + "=" + "\"" + xmlEncode(obj[key]) + "\"" }
return string;
}
var commonElement = function(verb) {
return function(str, attributes) {
- append("<" + verb + toAttributes(attributes) + ">" + str + "</" + verb + ">");
+ append("<" + verb + toAttributes(attributes) + ">" + xmlEncode(str) + "</" + verb + ">");
}
}
Something went wrong with that request. Please try again.