Escape labels and values so we produce invalid XML.

unboxed · Apr 21, 2010 · 64c7040 · 64c7040
1 parent c2b3d84
commit 64c7040
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/ext/iCuke/Viewer.m b/ext/iCuke/Viewer.m
@@ -24,13 +24,25 @@ -(void)appendOpenToXml:(NSMutableString*)xml {
 	[xml appendFormat: @"<%@", NSStringFromClass([self class])];
 	[self appendTraitsToXml: xml];
 	if ([[self accessibilityLabel] length] > 0) {
-		[xml appendFormat: @"label=\"%@\" ", [self accessibilityLabel]];
+		NSString *escaped_label = [self accessibilityLabel];
+		escaped_label = [escaped_label stringByReplacingOccurrencesOfString: @"&" withString: @"&amp;"];
+		escaped_label = [escaped_label stringByReplacingOccurrencesOfString: @"'" withString: @"&quot;"];
+		escaped_label = [escaped_label stringByReplacingOccurrencesOfString: @"\\" withString: @"&#39;"];
+		escaped_label = [escaped_label stringByReplacingOccurrencesOfString: @">" withString: @"&gt;"];
+		escaped_label = [escaped_label stringByReplacingOccurrencesOfString: @"<" withString: @"&lt;"];
+		[xml appendFormat: @"label=\"%@\" ", escaped_label];
 	}
 	if ([[self accessibilityHint] length] > 0) {
 		[xml appendFormat: @"hint=\"%@\" ", [self accessibilityHint]];
 	}
 	if ([[self accessibilityValue] length] > 0) {
-		[xml appendFormat: @"value=\"%@\" ", [self accessibilityValue]];
+		NSString *escaped_value = [self accessibilityValue];
+		escaped_value = [escaped_value stringByReplacingOccurrencesOfString: @"&" withString: @"&amp;"];
+		escaped_value = [escaped_value stringByReplacingOccurrencesOfString: @"'" withString: @"&quot;"];
+		escaped_value = [escaped_value stringByReplacingOccurrencesOfString: @"\\" withString: @"&#39;"];
+		escaped_value = [escaped_value stringByReplacingOccurrencesOfString: @">" withString: @"&gt;"];
+		escaped_value = [escaped_value stringByReplacingOccurrencesOfString: @"<" withString: @"&lt;"];
+		[xml appendFormat: @"value=\"%@\" ", escaped_value];
 	}
 	[xml appendString: @">"];
 }