Don't use HTML entities in XML
authorJeff Godin <jgodin@tadl.org>
Thu, 15 May 2014 15:52:06 +0000 (11:52 -0400)
committerJeff Godin <jgodin@tadl.org>
Thu, 15 May 2014 18:50:22 +0000 (14:50 -0400)
Not all HTML entities are valid (built-in) XML entities. Don't try
to use HTML entities in XML.

Instead (until the TODO of "Move away from heredocs for generating
XML" is completed), use a naive sub to replace only ampersand,
greater than, and less than.

Signed-off-by: Jeff Godin <jgodin@tadl.org>
iNCIPit.cgi

index 6c793c4..478f9e5 100644 (file)
@@ -871,9 +871,9 @@ sub item_request {
 
     # Avoid generating invalid XML responses by encoding title/author/callnumber
     # TODO: Move away from heredocs for generating XML
-       $title  = HTML::Entities::encode($title);
-       $author = HTML::Entities::encode($author);
-       $callnumber = HTML::Entities::encode($callnumber);
+       $title      = _naive_encode_xml($title);
+       $author     = _naive_encode_xml($author);
+       $callnumber = _naive_encode_xml($callnumber);
 
     my $hd = <<ITEMREQ;
 Content-type: text/xml
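Review bot: Only `$title`, `$author` and `$callnumber` are escaped before the `ITEMREQ` heredoc, so any other variable interpolated into that XML body would still reach the response raw. The heredoc body lies outside this hunk, so this is something to confirm rather than a confirmed gap. If other request- or database-derived values are interpolated there, they should go through the same helper, e.g. `$barcode = _naive_encode_xml($barcode);` (variable name constructed for illustration). The comment above the calls could also say that the helper is only safe for element text, not for attribute values.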
@@ -1790,3 +1790,13 @@ sub flesh_user {
       ->gather(1);
     return $response;
 }
+
+sub _naive_encode_xml {
+    my $val = shift;
+
+    $val =~ s/&/&amp;/g;
+    $val =~ s/</&lt;/g;
+    $val =~ s/>/&gt;/g;
+
+    return $val;
+}
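Review bot: `_naive_encode_xml` can still emit a document that is not well-formed, because it passes through C0 control characters that XML 1.0 forbids (everything below 0x20 except tab, LF and CR); adding `$val =~ s/[\x00-\x08\x0B\x0C\x0E-\x1F]//g;` before the ampersand substitution would close that. An undefined argument triggers "uninitialized value" warnings in the three substitutions if warnings are enabled, and the function then returns undef into the heredoc; `return '' unless defined $val;` as the first statement avoids that. Quotes are left unescaped, which is fine for element content but not if a caller ever places the result inside an attribute value. Either add `$val =~ s/"/&quot;/g;` or document the element-text-only contract in a comment above the sub.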