Added XML-escaping of VOB filenames.

diff --git a/webdvd.cpp b/webdvd.cpp
index d0f2e05f3e8dd2f9718f4f47e9636f119828ee3d..cc47bd140eb026f2c5fa33452057ca8b65c77dad 100644 (file)
--- a/webdvd.cpp
+++ b/webdvd.cpp
@@ -142,6 +142,36 @@ namespace
        return result;
     }
 
+
+    std::string xml_escape(const std::string & str)
+    {
+       std::string result;
+       std::size_t begin = 0;
+
+       for (;;)
+       {
+           std::size_t end = str.find_first_of("\"&'<>", begin);
+           result.append(str, begin, end - begin);
+           if (end == std::string::npos)
+               return result;
+
+           const char * entity = NULL;
+           switch (str[end])
+           {
+           case '"':  entity = "&quot;"; break;
+           case '&':  entity = "&amp;";  break;
+           case '\'': entity = "&apos;"; break;
+           case '<':  entity = "&lt;";   break;
+           case '>':  entity = "&gt;";   break;
+           }
+           assert(entity);
+           result.append(entity);
+
+           begin = end + 1;
+       }
+    }
+
+    
     struct dvd_contents
     {
        enum pgc_type { menu_pgc, title_pgc };
@@ -171,7 +201,7 @@ namespace
        std::vector<menu> menus;
        std::vector<title> titles;
     };
-    
+
     class webdvd_window : public Gtk::Window
     {
     public:
@@ -280,8 +310,7 @@ namespace
                        filename + " is missing or not a regular file");
                vob_list
                    .append("<vob file='")
-                   // FIXME: Should XML-escape the path
-                   .append(filename)
+                   .append(xml_escape(filename))
                    .append("'/>\n");
            }
            else