From a52db679544d3777d7f33bd1f22bc965a9d79bb1 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Fri, 24 Apr 2020 18:56:00 +0000 Subject: xml escape --- src/api/s3_list.rs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'src/api') diff --git a/src/api/s3_list.rs b/src/api/s3_list.rs index 6004bff0..8b4703df 100644 --- a/src/api/s3_list.rs +++ b/src/api/s3_list.rs @@ -2,7 +2,7 @@ use std::collections::BTreeMap; use std::fmt::Write; use std::sync::Arc; -use chrono::{DateTime, NaiveDateTime, Utc, SecondsFormat}; +use chrono::{DateTime, NaiveDateTime, SecondsFormat, Utc}; use hyper::Response; use garage_util::error::Error; @@ -99,7 +99,7 @@ pub async fn handle_list( let last_modif = DateTime::::from_utc(last_modif, Utc); let last_modif = last_modif.to_rfc3339_opts(SecondsFormat::Millis, true); writeln!(&mut xml, "\t").unwrap(); - writeln!(&mut xml, "\t\t{}", key).unwrap(); + writeln!(&mut xml, "\t\t{}", xml_escape(key)).unwrap(); writeln!(&mut xml, "\t\t{}", last_modif).unwrap(); writeln!(&mut xml, "\t\t{}", info.size).unwrap(); writeln!(&mut xml, "\t\tSTANDARD").unwrap(); @@ -110,3 +110,9 @@ pub async fn handle_list( Ok(Response::new(Box::new(BytesBody::from(xml.into_bytes())))) } + +fn xml_escape(s: &str) -> String { + s.replace("<", "<") + .replace(">", ">") + .replace("\"", """) +} -- cgit v1.2.3