
[lmi-commits] [6273] Escape XML special characters


From: Greg Chicares
Subject: [lmi-commits] [6273] Escape XML special characters
Date: Fri, 28 Aug 2015 16:45:39 +0000

Revision: 6273
          http://svn.sv.gnu.org/viewvc/?view=rev&root=lmi&revision=6273
Author:   chicares
Date:     2015-08-28 16:45:38 +0000 (Fri, 28 Aug 2015)
Log Message:
-----------
Escape XML special characters

Modified Paths:
--------------
    lmi/trunk/ChangeLog
    lmi/trunk/group_quote_pdf_gen_wx.cpp

Modified: lmi/trunk/ChangeLog
===================================================================
--- lmi/trunk/ChangeLog 2015-08-28 15:41:39 UTC (rev 6272)
+++ lmi/trunk/ChangeLog 2015-08-28 16:45:38 UTC (rev 6273)
@@ -36735,3 +36735,9 @@
 Improve divers names. See:
   http://lists.nongnu.org/archive/html/lmi/2015-08/msg00055.html
 
+20150828T1645Z <address@hidden> [477]
+
+  group_quote_pdf_gen_wx.cpp
+Escape XML special characters. See:
+  http://lists.nongnu.org/archive/html/lmi/2015-08/msg00056.html
+

Modified: lmi/trunk/group_quote_pdf_gen_wx.cpp
===================================================================
--- lmi/trunk/group_quote_pdf_gen_wx.cpp        2015-08-28 15:41:39 UTC (rev 
6272)
+++ lmi/trunk/group_quote_pdf_gen_wx.cpp        2015-08-28 16:45:38 UTC (rev 
6273)
@@ -63,6 +63,28 @@
     ,e_output_measure_only
     };
 
+/// Escape special XML characters in the given string, ensuring that it appears
+/// correctly inside HTML element contents. Notice that we don't need to escape
+/// quotes here as we never use the result of this function inside an HTML
+/// attribute, only inside HTML elements.
+
+wxString escape_for_html_elem(std::string const& s)
+{
+    wxString z;
+    z.reserve(s.length());
+    for(std::string::const_iterator i = s.begin(); i != s.end(); ++i)
+        {
+        switch(*i)
+            {
+            case '<': z += "&lt;" ; break;
+            case '>': z += "&gt;" ; break;
+            case '&': z += "&amp;"; break;
+            default : z += *i     ;
+            }
+        }
+    return z;
+}
+
 /// Load the image from the given file. Throw on failure.
 
 wxImage load_image(char const* file)
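Review bot: escape_for_html_elem leaves `"` and `'` unescaped, so the doc comment has to carry a restriction ("only inside HTML elements") that nothing at the call sites enforces. Adding `case '"': z += "&quot;"; break;` and `case '\'': z += "&#39;"; break;` is harmless for element content and makes the helper safe in attribute position as well, so the restriction sentence can be dropped and future callers cannot get it wrong. Separately, appending `*i` one `char` at a time to a wxString may not round-trip non-ASCII input as intended if the report fields hold multibyte UTF-8 — I cannot tell their encoding from this hunk; accumulating into a std::string and converting to wxString once, with the conversion matching the fields' encoding, would sidestep that and also drop the per-character wxString appends.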
@@ -327,7 +349,9 @@
     LedgerInvariant const& Invar = ledger.GetLedgerInvariant();
 
     // Header and footer data must be the same for all ledgers.
-    // FIXME This needs to be asserted.
+    // FIXME This needs to be asserted. And leaving "Company"
+    // empty is a plausible user error that should be protected
+    // against by an assertion.
     if(report_data_.company_.empty())
         {
         report_data_.fill_global_report_data(Invar);
@@ -530,8 +554,8 @@
                 LMI_ASSERT(header.find("%s") != std::string::npos);
 
                 header = wxString::Format
-                            (wxString(header), report_data_.premium_mode_
-                            ).ToStdString();
+                    (wxString(header), report_data_.premium_mode_
+                    ).ToStdString();
                 }
                 break;
             case e_col_max:
@@ -696,6 +720,7 @@
     wxDCFontChanger set_bigger_font(pdf_dc, pdf_dc.GetFont().Scaled(1.5));
     wxDCTextColourChanger set_white_text(pdf_dc, *wxWHITE);
 
+    // FIXME Specification change: use product description here, not company_.
     wxString const image_text
         (report_data_.company_
          + "\nPremium & Benefit Summary"
@@ -731,9 +756,9 @@
          "<td align=\"center\"><i>Prepared By: %s</i></td>"
          "</tr>"
          "</table>"
-        ,report_data_.company_
+        ,escape_for_html_elem(report_data_.company_)
         ,wxDateTime::Today().FormatDate()
-        ,report_data_.prepared_by_
+        ,escape_for_html_elem(report_data_.prepared_by_)
         );
 
     output_html(html_parser, horz_margin, *pos_y, page_.width_ / 2, 
title_html);
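Review bot: The `wxDateTime::Today().FormatDate()` argument sitting between the two newly escaped fields still fills a `%s` slot unescaped, and the same call is left unescaped in the next hunk (`@@ -771,12 +796,12 @@`). Its output is locale-derived and unlikely to contain `<` or `&`, but wrapping it as `,escape_for_html_elem(wxDateTime::Today().FormatDate().ToStdString())` in both places makes the rule "every %s argument into element content is escaped" hold uniformly, instead of requiring per-argument reasoning each time a field is added. The wxString::Format call these lines belong to starts outside the hunk.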
@@ -771,12 +796,12 @@
          "</tr>"
          "</table>"
         ,wxDateTime::Today().FormatDate()
-        ,report_data_.plan_type_
-        ,report_data_.guarantee_issue_max_
-        ,report_data_.premium_mode_
-        ,report_data_.product_
-        ,report_data_.contract_state_
-        ,report_data_.available_riders_
+        ,escape_for_html_elem(report_data_.plan_type_)
+        ,escape_for_html_elem(report_data_.guarantee_issue_max_)
+        ,escape_for_html_elem(report_data_.premium_mode_)
+        ,escape_for_html_elem(report_data_.product_)
+        ,escape_for_html_elem(report_data_.contract_state_)
+        ,escape_for_html_elem(report_data_.available_riders_)
         ,row_num_ - 1 // "- 1": don't count the composite.
         );
 
@@ -913,7 +938,7 @@
         *pos_y += logo_image.GetSize().y + vert_skip;
         }
 
-    wxString const footer_html = "<p>" + report_data_.footer_ + "</p>";
+    wxString const footer_html = "<p>" + 
escape_for_html_elem(report_data_.footer_) + "</p>";
 
     *pos_y += output_html
         (html_parser



