From f11c7a49e3b87ea00c84e408bf7c69ab7fbd30c1 Mon Sep 17 00:00:00 2001
From: Matthias Andreas Benkard <code@mail.matthias.benkard.de>
Date: Sun, 1 Mar 2009 17:40:26 +0100
Subject: Defensively escape XML text.

---
 cljssss-g.clj | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'cljssss-g.clj')

diff --git a/cljssss-g.clj b/cljssss-g.clj
index b473cb6..d919abc 100644
--- a/cljssss-g.clj
+++ b/cljssss-g.clj
@@ -185,7 +185,9 @@ to merely being replaced with a div element)?"
 
 (defn escape-xml [string]
   (str-utils/re-gsub #"<" "&#60;"
-                     (str-utils/re-gsub #">" "&#62;" string)))
+                     (str-utils/re-gsub #">" "&#62;"
+                                        (str-utils/re-gsub #"&" "&#38;"
+                                                           string))))
 
 (defn escape-string [string]
   (str-utils/re-gsub #"\"" "\\\\\"" string))
-- 
cgit v1.2.3