From 48a1078a853197466cbbc134634a8673d801c8a1 Mon Sep 17 00:00:00 2001
From: Bent Bisballe Nyeng <deva@aasimon.org>
Date: Sun, 17 Jun 2018 10:20:45 +0200
Subject: Sanitize strings in the xml output.

---
 test/dgunit.h | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/test/dgunit.h b/test/dgunit.h
index 358c70d..6717310 100644
--- a/test/dgunit.h
+++ b/test/dgunit.h
@@ -120,13 +120,13 @@ public:
 		for(auto test : failed_tests)
 		{
 			out << "		<FailedTest id=\"" << test.id << "\">\n";
-			out << "			<Name>" << test.func << "</Name>\n";
+			out << "			<Name>" << sanitize(test.func) << "</Name>\n";
 			out << "			<FailureType>Assertion</FailureType>\n";
 			out << "			<Location>\n";
-			out << "				<File>" << test.file << "</File>\n";
+			out << "				<File>" << sanitize(test.file) << "</File>\n";
 			out << "				<Line>" << test.line << "</Line>\n";
 			out << "			</Location>\n";
-			out << "			<Message>" << test.msg << "</Message>\n";
+			out << "			<Message>" << sanitize(test.msg) << "</Message>\n";
 			out << "		</FailedTest>\n";
 		}
 		out << "	</FailedTests>\n";
@@ -134,7 +134,7 @@ public:
 		for(auto test : successful_tests)
 		{
 			out << "		<Test id=\"" << test.id << "\">\n";
-			out << "			<Name>" << test.func << "</Name>\n";
+			out << "			<Name>" << sanitize(test.func) << "</Name>\n";
 			out << "		</Test>\n";
 
 		}
@@ -204,6 +204,33 @@ protected:
 		assert_equal(expected, value, __FILE__, __LINE__)
 
 private:
+	static std::string sanitize(const std::string& input)
+	{
+		std::string output;
+		for(auto c : input)
+		{
+			switch(c)
+			{
+			case '"':
+				output += "&quot;";
+				break;
+			case '&':
+				output += "&amp;";
+				break;
+			case '<':
+				output += "&lt;";
+				break;
+			case '>':
+				output += "&gt;";
+				break;
+			default:
+				output += c;
+				break;
+			}
+		}
+		return output;
+	}
+
 	static DGUnit* suite_list;
 	DGUnit* next_unit{nullptr};
 	std::vector<std::pair<std::function<void()>, const char*>> tests;
-- 
cgit v1.2.3