| 11010 | {} |
| 11011 | |
| 11012 | void XmlEncode::encodeTo( std::ostream& os ) const { |
| 11013 | // Apostrophe escaping not necessary if we always use " to write attributes |
| 11014 | // (see: http://www.w3.org/TR/xml/#syntax) |
| 11015 | |
| 11016 | for( std::size_t idx = 0; idx < m_str.size(); ++ idx ) { |
| 11017 | uchar c = m_str[idx]; |
| 11018 | switch (c) { |
| 11019 | case '<': os << "<"; break; |
| 11020 | case '&': os << "&"; break; |
| 11021 | |
| 11022 | case '>': |
| 11023 | // See: http://www.w3.org/TR/xml/#syntax |
| 11024 | if (idx > 2 && m_str[idx - 1] == ']' && m_str[idx - 2] == ']') |
| 11025 | os << ">"; |
| 11026 | else |
| 11027 | os << c; |
| 11028 | break; |
| 11029 | |
| 11030 | case '\"': |
| 11031 | if (m_forWhat == ForAttributes) |
| 11032 | os << """; |
| 11033 | else |
| 11034 | os << c; |
| 11035 | break; |
| 11036 | |
| 11037 | default: |
| 11038 | // Check for control characters and invalid utf-8 |
| 11039 | |
| 11040 | // Escape control characters in standard ascii |
| 11041 | // see http://stackoverflow.com/questions/404107/why-are-control-characters-illegal-in-xml-1-0 |
| 11042 | if (c < 0x09 || (c > 0x0D && c < 0x20) || c == 0x7F) { |
| 11043 | hexEscapeChar(os, c); |
| 11044 | break; |
| 11045 | } |
| 11046 | |
| 11047 | // Plain ASCII: Write it to stream |
| 11048 | if (c < 0x7F) { |
| 11049 | os << c; |
| 11050 | break; |
| 11051 | } |
| 11052 | |
| 11053 | // UTF-8 territory |
| 11054 | // Check if the encoding is valid and if it is not, hex escape bytes. |
| 11055 | // Important: We do not check the exact decoded values for validity, only the encoding format |
| 11056 | // First check that this bytes is a valid lead byte: |
| 11057 | // This means that it is not encoded as 1111 1XXX |
| 11058 | // Or as 10XX XXXX |
| 11059 | if (c < 0xC0 || |
| 11060 | c >= 0xF8) { |
| 11061 | hexEscapeChar(os, c); |
| 11062 | break; |
| 11063 | } |
| 11064 | |
| 11065 | auto encBytes = trailingBytes(c); |
| 11066 | // Are there enough bytes left to avoid accessing out-of-bounds memory? |
| 11067 | if (idx + encBytes - 1 >= m_str.size()) { |
| 11068 | hexEscapeChar(os, c); |
| 11069 | break; |
no test coverage detected