From e6a403fb1c869e9c6a1b5edf3d5b99d3cff2cb98 Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Thu, 2 Jul 2015 09:16:21 +0200 Subject: [PATCH] Re-escape XML text in parseContentDepth() SMACK-680. --- .../org/jivesoftware/smack/util/PacketParserUtils.java | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/smack-core/src/main/java/org/jivesoftware/smack/util/PacketParserUtils.java b/smack-core/src/main/java/org/jivesoftware/smack/util/PacketParserUtils.java index ac5ea11b8..0dc960583 100644 --- a/smack-core/src/main/java/org/jivesoftware/smack/util/PacketParserUtils.java +++ b/smack-core/src/main/java/org/jivesoftware/smack/util/PacketParserUtils.java @@ -481,7 +481,7 @@ public class PacketParserUtils { } break; case XmlPullParser.TEXT: - xml.append(parser.getText()); + xml.escape(parser.getText()); break; } event = parser.next(); @@ -497,7 +497,12 @@ public class PacketParserUtils { // Only append the text if the parser is not on on an empty element' start tag. Empty elements are reported // twice, so in order to prevent duplication we only add their text when we are on their end tag. if (!(event == XmlPullParser.START_TAG && parser.isEmptyElementTag())) { - sb.append(parser.getText()); + CharSequence text = parser.getText(); + if (event == XmlPullParser.TEXT) { + // TODO the toString() can be removed in Smack 4.2. + text = StringUtils.escapeForXML(text.toString()); + } + sb.append(text); } if (event == XmlPullParser.END_TAG && parser.getDepth() <= depth) { break outerloop;