From f18cdbbeaef23ce55194b42c1f7ef9c1fc966abc Mon Sep 17 00:00:00 2001
From: Brett Zamir <brettz9@gmail.com>
Date: Wed, 12 Feb 2014 10:10:56 +0000
Subject: [PATCH] Fix issue 1174 reported by psh.tnt re: XML entity escaping
 (within attributes); updated test as well

git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2696 eee81c28-f429-11dd-99c0-75d572ba1ddd
---
 editor/svgutils.js      | 4 +++-
 test/svgutils_test.html | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/editor/svgutils.js b/editor/svgutils.js
index 1a1bcd49..48876a35 100644
--- a/editor/svgutils.js
+++ b/editor/svgutils.js
@@ -55,7 +55,9 @@ svgedit.utilities.init = function(editorContext) {
 // Returns:
 // The converted string
 svgedit.utilities.toXml = function(str) {
-	return $('<p/>').text(str).html();
+	// &apos; is ok in XML, but not HTML
+	// &gt; does not normally need escaping, though it can if within a CDATA expression (and preceded by "]]")
+	return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/, '&#x27;');
 };
 
 // Function: svgedit.utilities.fromXml
diff --git a/test/svgutils_test.html b/test/svgutils_test.html
index 73ff5ba5..0063ba03 100644
--- a/test/svgutils_test.html
+++ b/test/svgutils_test.html
@@ -41,7 +41,7 @@
       equals(toXml('PB&J'), 'PB&amp;J');
       equals(toXml('2 < 5'), '2 &lt; 5');
       equals(toXml('5 > 2'), '5 &gt; 2');
-      equals(toXml('\'<&>"'), '\'&lt;&amp;&gt;"');
+      equals(toXml('\'<&>"'), '&#x27;&lt;&amp;&gt;&quot;');
     });
 
     test('Test svgedit.utilities.fromXml() function', function() {