xml builder: properly escape quotes

diff --git a/lib/xml_builder.ex b/lib/xml_builder.ex
index 88f8ce2a37a0ca7f54bcc71e2e4f4588a95675db..b58602c7b7592f4ef3fa9ab218deaa90afbb05e6 100644 (file)
--- a/lib/xml_builder.ex
+++ b/lib/xml_builder.ex
@@ -35,6 +35,7 @@ defmodule Pleroma.XmlBuilder do
   defp make_open_tag(tag, attributes) do
     attributes_string =
       for {attribute, value} <- attributes do
+        value = String.replace(value, "\"", "&quot;")
         "#{attribute}=\"#{value}\""
       end
       |> Enum.join(" ")