[Subsurface-trac] [Subsurface] #73: description not escaped - brakes xml
Linus Torvalds
torvalds at linux-foundation.org
Wed Feb 27 07:58:41 PST 2013
On Wed, Feb 27, 2013 at 6:58 AM, Dirk Hohndel <dirk at hohndel.org> wrote:
>
> I know that we used to do that. We have all the routines to escape both attributes and regular content in XML. I wonder why we don't call that for the cylinder description attribute…
It's just slipped through.
This does it for everything I found. Some of it was safe (the
divecomputer model is supplied from libdivecomputer, and none of them
have single quotes _yet_, afaik), but with this there are no '%s'
strings left except for the ones used by the helper functions (for
"pre" and "post" strings).
It also takes some of our existing uses of show_utf8(), and removes
the redundant "check if the string is NULL or empty". show_utf8() does
that internally.
Add my SOB.
Linus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch.diff
Type: application/octet-stream
Size: 2607 bytes
Desc: not available
URL: <http://lists.hohndel.org/pipermail/subsurface/attachments/20130227/7abed406/attachment.obj>
More information about the subsurface
mailing list