xml builder: properly escape quotes

This commit is contained in:
William Pitcock 2019-05-12 19:04:37 +00:00
parent 582bd9d170
commit 80759f012e

View File

@ -35,6 +35,7 @@ defmodule Pleroma.XmlBuilder do
defp make_open_tag(tag, attributes) do defp make_open_tag(tag, attributes) do
attributes_string = attributes_string =
for {attribute, value} <- attributes do for {attribute, value} <- attributes do
value = String.replace(value, "\"", "&quot;")
"#{attribute}=\"#{value}\"" "#{attribute}=\"#{value}\""
end end
|> Enum.join(" ") |> Enum.join(" ")