From 11907e10c73883e5dcdaba11a093ef01c7ee2de8 Mon Sep 17 00:00:00 2001
From: Ralph Amissah <ralph@amissah.com>
Date: Sun, 27 Jan 2013 16:26:29 -0500
Subject: v4: check xml representation of characters (& < > in particular)

---
 lib/sisu/v4/epub_format.rb | 63 ++++++++++++++++++++++++++--------------------
 1 file changed, 36 insertions(+), 27 deletions(-)

(limited to 'lib/sisu/v4/epub_format.rb')

diff --git a/lib/sisu/v4/epub_format.rb b/lib/sisu/v4/epub_format.rb
index 84d32000..dd3273d0 100644
--- a/lib/sisu/v4/epub_format.rb
+++ b/lib/sisu/v4/epub_format.rb
@@ -1217,6 +1217,18 @@ module SiSU_EPUB_Format
       WOK
     end
   end
+  module SanitizeXML
+    def self.xml(x)
+      if x.is_a?(String)
+        x.gsub(/&/,'&amp;').
+          gsub(/</,'&lt;').gsub(/>/,'&gt;').
+          #gsub(/</,'&#60;').gsub(/>/,'&#62;').
+          gsub(/\\\\/,'<br />').
+          gsub(/&lt;br(?: \/)?&gt;/,'<br />')
+      else x
+      end
+    end
+  end
   class HeadInformation
     include SiSU_Viz
     attr_reader :md,:rdf,:vz
@@ -1347,10 +1359,12 @@ output_epub_cont_seg.close
       end
       def head
         depth=@md.lvs[1] + @md.lvs[2] + @md.lvs[3] + @md.lvs[4]
+        title=SanitizeXML.xml(@md.title.full)
+        author=SanitizeXML.xml(@md.author)
         <<-WOK
     <!-- four required metadata items (for all NCX documents,
       (including the relaxed constraints of OPS 2.0) -->
-    <title>#{@md.title.full} by #{@md.author}</title>
+    <title>#{title} by #{author}</title>
     <link href="css/xhtml.css" rel="stylesheet" type="text/css" id="main-css" />
     <meta name="dtb:uid" content="urn:uuid:#{@md.dgst[1]}" />
     <!-- <meta name="epub-creator" content="#{@md.publisher}" /> -->
@@ -1365,16 +1379,18 @@ output_epub_cont_seg.close
         WOK
       end
       def doc_title
+        txt=SanitizeXML.xml(@md.title.full)
         <<-WOK
   <docTitle>
-    <text>#{@md.title.full}</text>
+    <text>#{txt}</text>
   </docTitle>
         WOK
       end
       def doc_author
+        txt=SanitizeXML.xml(@md.author)
         <<-WOK
   <docAuthor>
-    <text>#{@md.author}</text>
+    <text>#{txt}</text>
   </docAuthor>
         WOK
       end
@@ -1466,12 +1482,10 @@ output_epub_cont_seg.close
             m=(m.empty?) \
             ? (surname + other_names)
             : (m + '; ' + surname + ', ' + other_names)
-            m=m.gsub(/</,'&lt;').gsub(/>/,'&gt;').
-              gsub(/&lt;br(?: \/)?&gt;/,';')
+            m=SanitizeXML.xml(m)
           end
           x=@md.creator.author.dup
-          x=x.gsub(/</,'&lt;').gsub(/>/,'&gt;').
-            gsub(/&lt;br(?: \/)?&gt;/,'<br />')
+          x=SanitizeXML.xml(x)
           %{\n    <dc:creator opf:file-as="#{m}" opf:role="aut">#{x}</dc:creator>}
         else ''
         end
@@ -1488,12 +1502,10 @@ output_epub_cont_seg.close
             m=(m.empty?) \
             ? (surname + other_names)
             : (m + '; ' + surname + ', ' + other_names)
-            m=m.gsub(/</,'&lt;').gsub(/>/,'&gt;').
-              gsub(/&lt;br(?: \/)?&gt;/,';')
+            m=SanitizeXML.xml(m)
           end
           x=@md.creator.editor.dup
-          x=x.gsub(/</,'&lt;').gsub(/>/,'&gt;').
-            gsub(/&lt;br(?: \/)?&gt;/,'<br />')
+          x=SanitizeXML.xml(x)
           %{\n    <dc:creator opf:file-as="#{m}" opf:role="edt">#{x}</dc:creator>}
         else ''
         end
@@ -1510,12 +1522,10 @@ output_epub_cont_seg.close
             m=(m.empty?) \
             ? (surname + other_names)
             : (m + '; ' + surname + ', ' + other_names)
-            m=m.gsub(/</,'&lt;').gsub(/>/,'&gt;').
-              gsub(/&lt;br(?: \/)?&gt;/,';')
+            m=SanitizeXML.xml(m)
           end
           x=@md.creator.translator.dup
-          x=x.gsub(/</,'&lt;').gsub(/>/,'&gt;').
-            gsub(/&lt;br(?: \/)?&gt;/,'<br />')
+          x=SanitizeXML.xml(x)
           %{\n    <dc:creator opf:file-as="#{m}" opf:role="trl">#{x}</dc:creator>}
         else ''
         end
@@ -1532,28 +1542,24 @@ output_epub_cont_seg.close
             m=(m.empty?) \
             ? (surname + other_names)
             : (m + '; ' + surname + ', ' + other_names)
-            m=m.gsub(/</,'&lt;').gsub(/>/,'&gt;').
-              gsub(/&lt;br(?: \/)?&gt;/,';')
+            m=SanitizeXML.xml(m)
           end
           x=@md.creator.illustrator.dup
-          x=x.gsub(/</,'&lt;').gsub(/>/,'&gt;').
-            gsub(/&lt;br(?: \/)?&gt;/,'<br />')
+          x=SanitizeXML.xml(x)
           %{\n    <dc:creator opf:file-as="#{m}" opf:role="ill">#{x}</dc:creator>}
         else ''
         end
         date_published=if defined? @md.date.published \
         and @md.date.published =~/\S+/
           x=@md.date.published.dup
-          x=x.gsub(/</,'&lt;').gsub(/>/,'&gt;').
-            gsub(/&lt;br(?: \/)?&gt;/,'<br />')
+          x=SanitizeXML.xml(x)
           %{\n    <dc:date opf:event="published">#{x}</dc:date>}
         else ''
         end
         subject=if defined? @md.classify.subject \
         and @md.classify.subject =~/\S+/
           x=@md.classify.subject.dup
-          x=x.gsub(/</,'&lt;').gsub(/>/,'&gt;').
-            gsub(/&lt;br(?: \/)?&gt;/,'<br />')
+          x=SanitizeXML.xml(x)
           %{\n    <dc:subject>#{x}</dc:subject>}
         else ''
         end
@@ -1565,7 +1571,7 @@ output_epub_cont_seg.close
         end
         rights=if defined? @md.rights.all \
         and @md.rights.all =~/\S+/
-          rights=@md.rights.all.gsub(/<br>/,'<br />')
+          rights=SanitizeXML.xml(@md.rights.all)
           %{\n    <dc:rights>#{rights}</dc:rights>}
         else ''
         end
@@ -1750,9 +1756,8 @@ output_epub_cont_seg.close
     end
     def rights
       def all
-        rghts=@md.rights.all.gsub(/<br>/,'<br />')
-        rghts=rghts.gsub(/^\s*Copyright\s+\(C\)/,'Copyright <sup>&copy;</sup>&nbsp;')
-        %{<p class="small_left">Rights: #{rghts}</p>}
+        rights=SanitizeXML.xml(@md.rights.all)
+        %{<p class="small_left">Rights: #{rights}</p>}
       end
       self
     end
@@ -2068,15 +2073,19 @@ output_epub_cont_seg.close
 #{@vz.table_close}}
     end
     def toc_head_copy_at
+      @txt=SanitizeXML.xml(@txt)
       %{<p class="center">#{@txt}</p>\n}
     end
     def center
+      @txt=SanitizeXML.xml(@txt)
       %{<p class="center">#{@txt}</p>\n}
     end
     def bold
+      @txt=SanitizeXML.xml(@txt)
       %{<p class="bold">#{@txt}</p>\n}
     end
     def center_bold
+      @txt=SanitizeXML.xml(@txt)
       %{<p class="centerbold">#{@txt}</p>\n}
     end
   end
-- 
cgit v1.2.3