Use HTML.escape to escape XML

2026-05-01 00:00:55 -04:00 · 2020-07-01 13:27:30 +00:00
parent f5cdf8b7b6
commit 1725f42698
3 changed files with 4 additions and 14 deletions
@@ -153,16 +153,6 @@ def ctime(file_path : String) : Time
  {% end %}
 end
 def escape_xml(str)
  str.gsub({
    '>'  => "&gt;",
    '<'  => "&lt;",
    '"'  => "&quot;",
    '\'' => "&apos;",
    '&'  => "&amp;",
  })
 end
 def register_mime_types
  {
    ".zip" => "application/zip",
@@ -14,7 +14,7 @@
  <% titles.each do |t| %>
    <entry>
-      <title><%= escape_xml(t.display_name) %></title>
+      <title><%= HTML.escape(t.display_name) %></title>
      <id>urn:mango:<%= t.id %></id>
      <link type="application/atom+xml;profile=opds-catalog;kind=navigation" rel="subsection" href="<%= base_url %>opds/book/<%= t.id %>" />
    </entry>
@@ -5,7 +5,7 @@
  <link rel="self" href="<%= base_url %>opds/book/<%= title.id %>" type="application/atom+xml;profile=opds-catalog;kind=navigation" />
  <link rel="start" href="<%= base_url %>opds/" type="application/atom+xml;profile=opds-catalog;kind=navigation" />
-  <title><%= escape_xml(title.display_name) %></title>
+  <title><%= HTML.escape(title.display_name) %></title>
  <author>
    <name>Mango</name>
@@ -14,7 +14,7 @@
  <% title.titles.each do |t| %>
    <entry>
-      <title><%= escape_xml(t.display_name) %></title>
+      <title><%= HTML.escape(t.display_name) %></title>
      <id>urn:mango:<%= t.id %></id>
      <link type="application/atom+xml;profile=opds-catalog;kind=navigation" rel="subsection" href="<%= base_url %>opds/book/<%= t.id %>" />
    </entry>
@@ -22,7 +22,7 @@
  <% title.entries.each do |e| %>
    <entry>
-      <title><%= escape_xml(e.display_name) %></title>
+      <title><%= HTML.escape(e.display_name) %></title>
      <id>urn:mango:<%= e.id %></id>
      <link rel="http://opds-spec.org/image" href="<%= e.cover_url %>" />