Escape cell data for HTML - fixes #1049

Tom Morris 2015-10-16 15:29:28 -04:00
parent c74fce0180
commit e3858da843


@ -102,10 +102,11 @@ public class HtmlTableExporter implements WriterExporter {
if (cellData != null && cellData.text != null) { if (cellData != null && cellData.text != null) {
if (cellData.link != null) { if (cellData.link != null) {
writer.write("<a href=\""); writer.write("<a href=\"");
// TODO: The escape below looks wrong, but is probably harmless in most cases
writer.write(StringEscapeUtils.escapeHtml(cellData.link)); writer.write(StringEscapeUtils.escapeHtml(cellData.link));
writer.write("\">"); writer.write("\">");
} }
writer.write(cellData.text); writer.write(StringEscapeUtils.escapeXml(cellData.text));
if (cellData.link != null) { if (cellData.link != null) {
writer.write("</a>"); writer.write("</a>");
} }
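Review bot: The `writer.write(StringEscapeUtils.escapeHtml(cellData.link));` line still writes the link into the href with no check of its URL scheme, and the new TODO only records that the escape "looks wrong". HTML-escaping keeps the value inside the attribute, but a `javascript:` or `data:` URL passes through unchanged, so if cell links can originate from imported data (not visible in this hunk) the exported page would contain an active link. I would emit the anchor only when the link has an allowlisted scheme such as http or https, apply the same condition to the closing `</a>` so the tags stay balanced, and replace the TODO with `// escapeHtml only prevents attribute breakout; the link scheme must be validated before use as an href`. The text cell now uses `escapeXml` while the attribute uses `escapeHtml`; if this is commons-lang 2.x, `escapeXml` emits `&apos;`, which HTML 4 does not define, so using `escapeHtml` in both places would be more consistent. The enclosing method starts and ends outside the hunk.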