From 2fba2e9743e680b76c070a3604f5d6b56eb44e49 Mon Sep 17 00:00:00 2001
From: Edwin Mons <edwin.mons@isode.com>
Date: Thu, 7 Feb 2019 13:35:02 +0100
Subject: Split out attribute escape routine

Test-Information:

Unit tests pass on Debian 9

Change-Id: I60f95816cfa48a619f83daac1d88e229bbe228ed

diff --git a/Swiften/Serializer/XML/UnitTest/XMLElementTest.cpp b/Swiften/Serializer/XML/UnitTest/XMLElementTest.cpp
index ed3f8ab..ce6d7fa 100644
--- a/Swiften/Serializer/XML/UnitTest/XMLElementTest.cpp
+++ b/Swiften/Serializer/XML/UnitTest/XMLElementTest.cpp
@@ -65,6 +65,13 @@ class XMLElementTest : public CppUnit::TestFixture
 
             CPPUNIT_ASSERT_EQUAL(std::string("<foo myatt=\"\"/>"), testling.serialize());
         }
+
+        void testEscape_SpecialAttributeCharacters() {
+            auto testling = XMLElement::escapeAttributeValue(R"(<"'&>not escaped.)");
+
+            CPPUNIT_ASSERT_EQUAL(std::string("&lt;&quot;&apos;&amp;&gt;not escaped."), testling);
+        }
+
 };
 
 CPPUNIT_TEST_SUITE_REGISTRATION(XMLElementTest);
diff --git a/Swiften/Serializer/XML/XMLElement.cpp b/Swiften/Serializer/XML/XMLElement.cpp
index f2397ca..7515061 100644
--- a/Swiften/Serializer/XML/XMLElement.cpp
+++ b/Swiften/Serializer/XML/XMLElement.cpp
@@ -39,14 +39,17 @@ std::string XMLElement::serialize() {
     return result;
 }
 
+std::string XMLElement::escapeAttributeValue(std::string value) {
+    String::replaceAll(value, '&', "&amp;");
+    String::replaceAll(value, '<', "&lt;");
+    String::replaceAll(value, '>', "&gt;");
+    String::replaceAll(value, '\'', "&apos;");
+    String::replaceAll(value, '"', "&quot;");
+    return value;
+}
+
 void XMLElement::setAttribute(const std::string& attribute, const std::string& value) {
-    std::string escapedValue(value);
-    String::replaceAll(escapedValue, '&', "&amp;");
-    String::replaceAll(escapedValue, '<', "&lt;");
-    String::replaceAll(escapedValue, '>', "&gt;");
-    String::replaceAll(escapedValue, '\'', "&apos;");
-    String::replaceAll(escapedValue, '"', "&quot;");
-    attributes_[attribute] = escapedValue;
+    attributes_[attribute] = escapeAttributeValue(value);
 }
 
 void XMLElement::addNode(std::shared_ptr<XMLNode> node) {
diff --git a/Swiften/Serializer/XML/XMLElement.h b/Swiften/Serializer/XML/XMLElement.h
index 54de041..db74626 100644
--- a/Swiften/Serializer/XML/XMLElement.h
+++ b/Swiften/Serializer/XML/XMLElement.h
@@ -21,6 +21,7 @@ namespace Swift {
 
             XMLElement(const std::string& tag, const std::string& xmlns = "", const std::string& text = "");
 
+            static std::string escapeAttributeValue(std::string value);
             void setAttribute(const std::string& attribute, const std::string& value);
             void addNode(std::shared_ptr<XMLNode> node);
 
-- 
cgit v0.10.2-6-g49f6