Fix #1870 - Strip control characters out of strings in AtomSerializer (#1876)

* Fix #1870 - Strip control characters out of strings in AtomSerializer

* Adjust according to comment by @alpaca-tc
shrike
Eugen 2017-04-16 20:32:27 +02:00 committed by GitHub
parent e4af4898de
commit f902a335f9
1 changed files with 8 additions and 2 deletions


@ -3,6 +3,8 @@
class AtomSerializer class AtomSerializer
include RoutingHelper include RoutingHelper
INVALID_XML_CHARS = /[^\u0009\u000a\u000d\u0020-\uD7FF\uE000-\uFFFD\u10000-\u10FFFF]/
class << self class << self
def render(element) def render(element)
document = Ox::Document.new(version: '1.0') document = Ox::Document.new(version: '1.0')
@ -311,11 +313,15 @@ class AtomSerializer
def append_element(parent, name, content = nil, attributes = {}) def append_element(parent, name, content = nil, attributes = {})
element = Ox::Element.new(name) element = Ox::Element.new(name)
attributes.each { |k, v| element[k] = v.to_s } attributes.each { |k, v| element[k] = sanitize_str(v) }
element << content.to_s unless content.nil? element << sanitize_str(content) unless content.nil?
parent << element parent << element
end end
def sanitize_str(raw_str)
raw_str.to_s.gsub(INVALID_XML_CHARS, '')
end
def add_namespaces(parent) def add_namespaces(parent)
parent['xmlns'] = TagManager::XMLNS parent['xmlns'] = TagManager::XMLNS
parent['xmlns:thr'] = TagManager::THR_XMLNS parent['xmlns:thr'] = TagManager::THR_XMLNS
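Review bot: The `\u10000-\u10FFFF` tail of `INVALID_XML_CHARS` does not cover the supplementary planes, because Ruby's `\uXXXX` escape consumes exactly four hex digits; it parses as `\u1000`, the range `0-\u10FF`, and two literal `F`s. Every code point above U+FFFF (emoji, for example) therefore falls into the negated class, and `sanitize_str` strips it from both element content and attribute values in `append_element`. The braced escape form fixes this: `INVALID_XML_CHARS = /[^\u0009\u000a\u000d\u0020-\uD7FF\uE000-\uFFFD\u{10000}-\u{10FFFF}]/`. A spec that feeds in a string holding both a control character and an astral character, and asserts that only the control character is removed, would pin the intended behaviour.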