From: Darrick J. Wong <djwong@xxxxxxxxxx> Avoid trouble with the properties reported in the xml reports by translating xml-tricky characters in the property values into their xml entity equivalents. IOWs, if someone sets a property "NAME" to the value 'BOBBY"; DROP TABLES;', the xml will be formatted: <property name="NAME" value="BOBBY"; DROP TABLES;"/> Thus avoiding XML problems. Signed-off-by: Darrick J. Wong <djwong@xxxxxxxxxx>
---
 common/report | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/common/report b/common/report
index 2ab83928db..946ee4887c 100644
--- a/common/report
+++ b/common/report
@@ -33,7 +33,10 @@ _xunit_add_property()
 test -z "$value" && return
- echo -e "\t\t<property name=\"$name\" value=\"$value\"/>"
+ local xname="$(echo "$name" | encode_xml)"
+ local xvalue="$(echo "$value" | encode_xml)"
+
+ echo -e "\t\t<property name=\"$xname\" value=\"$xvalue\"/>"
 }
 _xunit_make_section_report()
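Review bot: The final `echo -e` still expands backslash escapes in `$xname` and `$xvalue` after they have been encoded, so a hex or octal escape in a property value can turn back into a raw quote or angle bracket inside the attribute; this assumes `encode_xml`, which is defined outside the hunk, rewrites only XML metacharacters and leaves backslashes alone. Emitting the line with a fixed format string closes that gap: `printf '\t\t<property name="%s" value="%s"/>\n' "$xname" "$xvalue"`. The two `echo "$name" | encode_xml` feeds have a smaller version of the same problem (a value such as `-n` is taken as an option) and `local x="$(…)"` hides a failing `encode_xml`, so `printf '%s\n' "$value" | encode_xml` with the declaration split from the assignment would be safer. The body of `_xunit_add_property` starts above the hunk.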