From a5f670ed963e3d3b9938751cfa53e604e8bca345 Mon Sep 17 00:00:00 2001
From: digital dreamer
Date: Tue, 3 Jun 2014 22:05:40 +0200
Subject: [PATCH] properly escape xml characters
---
 src/twister_rss.cpp | 19 +++++++++++++++++++
 src/twister_rss.h | 1 +
 2 files changed, 20 insertions(+)
diff --git a/src/twister_rss.cpp b/src/twister_rss.cpp
index b58c6876..aeb17cd7 100644
--- a/src/twister_rss.cpp
+++ b/src/twister_rss.cpp
@@ -102,6 +102,7 @@ int generateRSS(string uri, string *output)
 postTitle="Direct Message from "+postAuthor;
 postMsg=find_value(userArray[i].get_obj(),"text").get_str();
 Value postTime = find_value(userArray[i].get_obj(),"time");
+ encodeXmlCharacters(postMsg);
 Object item;
 item.push_back(Pair("time",postTime));
@@ -146,6 +147,7 @@ int generateRSS(string uri, string *output)
 }
 Value postTime = find_value(userpost,"time");
+ encodeXmlCharacters(postMsg);
 Object item;
 item.push_back(Pair("time",postTime));
@@ -219,3 +221,20 @@ bool sortByTime (Object i,Object j)
 {
 return (find_value(i,"time").get_int64()>find_value(j,"time").get_int64());
 }
+
+void encodeXmlCharacters(std::string& data)
+{
+ std::string buffer;
+ buffer.reserve(data.size());
+ for(size_t pos = 0; pos != data.size(); ++pos) {
+ switch(data[pos]) {
+ case '&': buffer.append("&"); break;
+ case '\"': buffer.append("""); break;
+ case '\'': buffer.append("'"); break;
+ case '<': buffer.append("<"); break;
+ case '>': buffer.append(">"); break;
+ default: buffer.append(&data[pos], 1); break;
+ }
+ }
+ data.swap(buffer);
+}
diff --git a/src/twister_rss.h b/src/twister_rss.h
index b050c9d2..a48d15f5 100644
--- a/src/twister_rss.h
+++ b/src/twister_rss.h
@@ -15,6 +15,7 @@ enum RSSResultCode
 };
 extern bool sortByTime (json_spirit::Object i,json_spirit::Object j);
+extern void encodeXmlCharacters (std::string& data);
 #ifdef HAVE_BOOST_REGEX
 extern std::map parseQuery(const std::string& query);
 #endif
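Review bot: Only `postMsg` is escaped in the `@@ -102,6 +102,7 @@` hunk of src/twister_rss.cpp; `postTitle`, built from `postAuthor` three lines above the new call, is not passed through the encoder in the visible lines. Whether `postAuthor` can carry `&`, `<` or quotes is not visible here, but if the title ends up in the same feed it needs the same treatment, e.g. `encodeXmlCharacters(postTitle);` right after the new line. The same applies to the second call site in the `@@ -146,6 +147,7 @@` hunk, where the title assignment is outside the hunk. Since the call rewrites `postMsg` in place before it is stored in `item`, any later step that truncates or pattern-matches the text would see the escaped form; `generateRSS` continues past both hunks, so that needs checking in the full function.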
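Review bot: The `default:` branch of `encodeXmlCharacters` in the `@@ -219,3 +221,20 @@` hunk copies every other byte through unchanged, including control characters that XML 1.0 does not allow in a document. Post text comes from other users, so a single such byte would make the whole feed ill-formed for strict parsers. Keeping only tab, LF, CR and bytes from 0x20 upward would close that gap: `default: if ((unsigned char)data[pos] >= 0x20 || data[pos] == '\t' || data[pos] == '\n' || data[pos] == '\r') buffer.append(&data[pos], 1); break;`. Separately, the five replacement literals appear on this page as raw characters (`buffer.append("&")`), which looks like entity decoding by the page rather than the committed code; confirm against the file that each case appends the entity string.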
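Review bot: The new declaration in the src/twister_rss.h hunk has no comment, and the contract is not obvious from the signature: the function rewrites its argument in place and is not idempotent, since a second call would escape the `&` of the entities produced by the first. A one-line comment above it would make that explicit, e.g. `// Escapes & " ' < > in place for XML output; not idempotent, call exactly once per string.` The header also names `std::string` here, so it is worth checking that `<string>` is included above the hunk.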