X-Git-Url: http://git.squeep.com/?p=websub-hub;a=blobdiff_plain;f=src%2Ftemplate%2Ftemplate-helper.js;h=a3e113179928d3a878400c9b9c513961a930f2c9;hp=bb4dad1e3f574f2332683c9e4bc990c9bc98b3a2;hb=737fbd003d5c4dfea81b667ef906f1c106a60612;hpb=17b4ff9c1974842c02071d2cd02144d2e5a99eb5
diff --git a/src/template/template-helper.js b/src/template/template-helper.js
index bb4dad1..a3e1131 100644
--- a/src/template/template-helper.js
+++ b/src/template/template-helper.js
@@ -2,7 +2,6 @@ const { TemplateHelper } = require('@squeep/html-template-helper');
-
 /**
 * Render a topic as a row of details.
 * @param {Object} topic
@@ -112,7 +111,29 @@ function renderSubscriptionRowHeader() { }
+/**
+ * Escape some xml things in strings.
+ * @param {String} string
+ */
+function xmlEscape(string) {
+ if (typeof string === 'number') {
+ return string;
+ }
+ if (typeof string !== 'string') {
+ return undefined;
+ }
+ // eslint-disable-next-line security/detect-object-injection
+ return string.replace(/[<>&'"]/, (c) => ({
+ '<': '<',
+ '>': '>',
+ '&': '&',
+ '\'': ''',
+ '"': '"',
+ }[c]));
+}
+
 module.exports = Object.assign(Object.create(TemplateHelper), {
+ xmlEscape,
 renderTopicRowHeader,
 renderTopicRow,
 renderSubscriptionRowHeader,
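Review bot: The regex in the new `xmlEscape` has no global flag, so `string.replace(/[<>&'"]/, …)` rewrites only the first special character and every later `<`, `&` or quote is emitted raw. If any caller passes externally supplied values into markup through this helper (callers are not visible in this hunk), that leaves an injection gap, so the line should read `return string.replace(/[<>&'"]/g, (c) => ({`. The replacement map appears on this page with values identical to its keys, which is probably entity decoding by the page renderer, but it is worth confirming the committed file maps to `&lt;`, `&gt;`, `&amp;`, `&apos;` and `&quot;`. Returning `undefined` for non-string input will render as the literal text "undefined" if a template interpolates it, so the JSDoc should gain an `@returns` line stating that, and a unit test with two or more special characters in one string would pin the escaping behaviour.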