aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2008-11-19 05:02:13 +0000
committerMatthew Wild <mwild1@gmail.com>2008-11-19 05:02:13 +0000
commitb32558393fb6cc5f8c04304e74f8dc20e556792b (patch)
tree5a430cba8b831f7d3ecf82260666eb0790b58a45
parent801e99fcbbfd667fb3d8779782a6d9fb214d1685 (diff)
downloadprosody-b32558393fb6cc5f8c04304e74f8dc20e556792b.tar.gz
prosody-b32558393fb6cc5f8c04304e74f8dc20e556792b.zip
Don't forget to escape XML in attributes. Thanks to the Postgres Q&amp;A room on conference.jabber.org :)
-rw-r--r--util/stanza.lua4
1 files changed, 2 insertions, 2 deletions
diff --git a/util/stanza.lua b/util/stanza.lua
index 5a6ba8c5..36e07317 100644
--- a/util/stanza.lua
+++ b/util/stanza.lua
@@ -103,7 +103,7 @@ function stanza_mt.__tostring(t)
local attr_string = "";
if t.attr then
- for k, v in pairs(t.attr) do if type(k) == "string" then attr_string = attr_string .. s_format(" %s='%s'", k, tostring(v)); end end
+ for k, v in pairs(t.attr) do if type(k) == "string" then attr_string = attr_string .. s_format(" %s='%s'", k, xml_escape(tostring(v))); end end
end
return s_format("<%s%s>%s</%s>", t.name, attr_string, children_text, t.name);
end
@@ -111,7 +111,7 @@ end
function stanza_mt.top_tag(t)
local attr_string = "";
if t.attr then
- for k, v in pairs(t.attr) do if type(k) == "string" then attr_string = attr_string .. s_format(" %s='%s'", k, tostring(v)); end end
+ for k, v in pairs(t.attr) do if type(k) == "string" then attr_string = attr_string .. s_format(" %s='%s'", k, xml_escape(tostring(v))); end end
end
return s_format("<%s%s>", t.name, attr_string);
end