'>' are not escaped by the XmlSerializer #165
Comments
|
It looks like this is not an oversight (and what I figured might be the case), but it looks like ">" "may" be escaped https://www.w3.org/TR/xml/#NT-AttValue |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently the XmlSerializer does not escapes the '>' characters so a string like this:
<x id="START_ITALIC_TEXT" ctype="x-i" equiv-text="<i>"/>becomes
<x id="START_ITALIC_TEXT" ctype="x-i" equiv-text="<i>"/>This could easily be fixed by changing line 164 and 168 to include the '>' character
this:
return buf.push(' ', attrNode.name, '="', attrNode.value.replace(/[<&"]/g, this._xmlEncoder), '"');becomes:
return buf.push(' ', attrNode.name, '="', attrNode.value.replace(/[<>&"]/g, this._xmlEncoder), '"');same with line 168:
return buf.push(textNode.data.replace(/[<&]/g, this._xmlEncoder));becomes:
return buf.push(textNode.data.replace(/[<>&]/g, this._xmlEncoder));Since the change is so small did not feel like creating a pull request. However if you prefer a pull request I will be glad to create one
The text was updated successfully, but these errors were encountered: