report: encode xml entities in property values

Avoid trouble with the properties reported in the xml reports by
translating xml-tricky characters in the property values into their xml
entity equivalents.

IOWs, if someone sets a property "NAME" to the value 'BOBBY"; DROP TABLES;',
the xml will be formatted:

	<property name="NAME" value="BOBBY&quot;; DROP TABLES;"/>

Thus avoiding XML problems.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Zorro Lang <zlang@redhat.com>
Signed-off-by: Zorro Lang <zlang@kernel.org>

diff --git a/common/report b/common/report
index 2ab83928db85da119c97d0caa5e1ac353864020a..946ee4887c1f7ec04ca7bdb3021ff91d2fe9aacf 100644 (file)
--- a/common/report
+++ b/common/report
@@ -33,7 +33,10 @@ _xunit_add_property()
 
        test -z "$value" && return
 
-       echo -e "\t\t<property name=\"$name\" value=\"$value\"/>"
+       local xname="$(echo "$name" | encode_xml)"
+       local xvalue="$(echo "$value" | encode_xml)"
+
+       echo -e "\t\t<property name=\"$xname\" value=\"$xvalue\"/>"
 }
 
 _xunit_make_section_report()