Make sure to escape parameter values since they are pass as XML attributes

2013-08-23 08:43:02 -05:00
parent d6f3b64982
commit a042ff1e06
1 changed files with 14 additions and 2 deletions
--- a/src/main/java/com/rackspace/cloud/api/docs/CalabashHelper.java
+++ b/src/main/java/com/rackspace/cloud/api/docs/CalabashHelper.java
@@ -51,9 +51,9 @@ public class CalabashHelper {

                strBuff
                    .append("<c:param name=\"")
-                    .append(entry.getKey())
+                    .append(escapeXmlAttribute(entry.getKey()))
                    .append("\" namespace=\"\" value=\"")
-                    .append(rawValue)
+                    .append(escapeXmlAttribute(rawValue))
                    .append("\"/>");
            }
        }
@@ -74,6 +74,18 @@ public class CalabashHelper {
        return sources.get(0);
    }

+    private static String escapeXmlAttribute(String value) {
+        if (value == null) {
+            return "";
+        }
+
+        return value
+            .replace("&", "&amp;")
+            .replace("\"", "&quot;")
+            .replace("'", "&apos;")
+            .replace("%", "&#37;");
+    }
+
    /**
     * Creates a {@link Source} for use in a Calabash pipeline.
     *