diff options
| author |  Matthew Seal <matthewseal@protonmail.com>
| 2018-09-15 06:13:05 -0600 |
|---|---|---|
| committer |  LogMANOriginal <LogMANOriginal@users.noreply.github.com>
| 2018-09-15 14:13:05 +0200 |
| commit | e34ef6cb4f77a6360debc73f147a44191d533a2b (patch) | |
| tree | 645aa6a7d51d1e4d8d218430b04a5b01ed4df1e7 | |
| parent | 5c92a736fa06bec927888af922e0c7f0e8782599 (diff) | |
| download | rss-bridge-e34ef6cb4f77a6360debc73f147a44191d533a2b.tar.gz rss-bridge-e34ef6cb4f77a6360debc73f147a44191d533a2b.tar.zst rss-bridge-e34ef6cb4f77a6360debc73f147a44191d533a2b.zip | |
[MrssFormat] Escape double quotes in XML attributes (#813)
XML attributes need to have certain characters escaped to be valid. The title attribute can have double quotes in it which need to be properly encoded for attributes.
| -rw-r--r-- | formats/MrssFormat.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/formats/MrssFormat.php b/formats/MrssFormat.php index 72a829e7..7ea9756f 100644 --- a/formats/MrssFormat.php +++ b/formats/MrssFormat.php @@ -79,6 +79,8 @@ EOD; $charset = $this->getCharset(); + /* xml attributes need to have certain characters escaped to be w3c compliant */ + $imageTitle = htmlspecialchars($title, ENT_COMPAT); /* Data are prepared, now let's begin the "MAGIE !!!" */ $toReturn = <<<EOD <?xml version="1.0" encoding="{$charset}"?> @@ -90,7 +92,7 @@ xmlns:atom="http://www.w3.org/2005/Atom"> <title>{$title}</title> <link>http{$https}://{$httpHost}{$httpInfo}/</link> <description>{$title}</description> - <image url="{$icon}" title="{$title}" link="{$uri}"/> + <image url="{$icon}" title="{$imageTitle}" link="{$uri}"/> <atom:link rel="alternate" type="text/html" href="{$uri}" /> <atom:link rel="self" href="http{$https}://{$httpHost}{$serverRequestUri}" /> {$items} |