Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AEXMLElement writes attributes unescaped #61

Closed
jonnermut opened this issue Dec 29, 2015 · 4 comments
Closed

AEXMLElement writes attributes unescaped #61

jonnermut opened this issue Dec 29, 2015 · 4 comments

Comments

@jonnermut
Copy link

I am using an old version, but I think this is still in the source - if you set an attribute value to a string with an & in it, it is written unescaped by .xmlString
@tyczj
Copy link

tyczj commented Jan 25, 2016

I see this problem too

@tadija
Copy link
Owner

tadija commented Jan 27, 2016

Can you elaborate on this? Which version are you using? I'm only interested if it's the latest, and if you could please add some example in Xcode Playground perhaps?

@ferrarop
Copy link

ferrarop commented Feb 8, 2016

It happens in the latest version.
It seems that you correctly escape the element "value", but not the attributes.

In particular, in the xmlString property, you use (escapedStringValue) for the element value, and the unescaped (value) for the attributes values.

/// Complete hierarchy of `self` and `children` in **XML** escaped and formatted String
public var xmlString: String {
    var xml = String()

    // open element
    xml += indentation(parentsCount - 1)
    xml += "<\(name)"

    if attributes.count > 0 {
        // insert attributes
        for (key, value) in attributes {
            xml += " \(key)=\"\(value)\""
        }
    }

    if value == nil && children.count == 0 {
        // close element
        xml += " />"
    } else {
        if children.count > 0 {
            // add children
            xml += ">\n"
            for child in children {
                xml += "\(child.xmlString)\n"
            }
            // add indentation
            xml += indentation(parentsCount - 1)
            xml += "</\(name)>"
        } else {
            // insert string value and close element
            xml += ">\(escapedStringValue)</\(name)>"
        }
    }

    return xml
}

Attributes are [String: String], so they can't access the escapedStringValue property of AEXMLElement.
I think you should escape attributes in the same way you do for element values, doing something similar to the escapedStringValue property.

tadija added a commit that referenced this issue May 2, 2016
@tadija
Replaced escapedStringValue property with xmlEscaped property in …
91aed4f 
…public String extension

Implemented using of `xmlEscaped` for attribute values inside `xmlString` [fixed Issue #61]
Improved `testXMLString` and added `testXMLEscapedString` in unit tests
tadija added a commit that referenced this issue May 2, 2016
@tadija
Merge branch 'develop'
94b6106 
* develop:
  Bumped version from 2.1.0 to 3.0.0
  Update CHANGELOG.md
  Update README.md
  Minor refactoring and inline docs improvements
  Added support for Swift Package Manager (PR#70)
  Created separate Xcode project for example (AEXMLDemo) Moved example stuff from library project to new example project Organizing project schemes, directories, files and stuff
  Renamed directory 'Source' -> 'Sources'
  Improved error handling (fixed Issue #62) Added error property of ErrorType enum with possible error cases Removed errorElementName static property Modified subscript logic of AEXMLElement to return empty element with ElementNotFound error (if element does not exist) Modified root property of AEXMLDocument to return empty element with RootElementMissing error (if root element does not exist) Improved logic in testRootElement and testNotExistingElement unit tests Minor changes in example ViewController and README.md
  Replaced `escapedStringValue` property with `xmlEscaped` property in public String extension Implemented using of `xmlEscaped` for attribute values inside `xmlString` [fixed Issue #61] Improved `testXMLString` and added `testXMLEscapedString` in unit tests
  Added xmlStringCompact property to AEXMLElement (again) It was removed earlier in 0d2e7f1 but added again because of the PR#71
  Minor refactoring
  Change NSXMLParserOptions struct
  Minor refactoring (fix for #73 is already there)
  Remove 'var" from parameters of indentation function
  Removed inheritance from NSObject in AEXMLElement Fixed issue #57 and PR #63
@tadija
Copy link
Owner

tadija commented May 3, 2016

Hi, escaping attribute values is added in latest version (3.0.0). Thanks for reporting this!

@tadija tadija closed this as completed May 3, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jonnermut @tyczj @tadija @ferrarop