diff --git a/encoding/gxml/gxml.go b/encoding/gxml/gxml.go index 2b462de2d..f28d3dbc4 100644 --- a/encoding/gxml/gxml.go +++ b/encoding/gxml/gxml.go @@ -49,6 +49,27 @@ func DecodeWithoutRoot(content []byte) (map[string]interface{}, error) { return m, nil } +// XMLEscapeChars forces escaping invalid characters in attribute and element values. +// NOTE: this is brute force with NO interrogation of '&' being escaped already; if it is +// then '&' will be re-escaped as '&amp;'. +// +/* + The values are: + " " + ' ' + < < + > > + & & +*/ +// +// Note: if XMLEscapeCharsDecoder(true) has been called - or the default, 'false,' value +// has been toggled to 'true' - then XMLEscapeChars(true) is ignored. If XMLEscapeChars(true) +// has already been called before XMLEscapeCharsDecoder(true), XMLEscapeChars(false) is called +// to turn escape encoding on mv.Xml, etc., to prevent double escaping ampersands, '&'. +func XMLEscapeChars(b ...bool) { + mxj.XMLEscapeChars(b...) +} + // Encode encodes map `m` to an XML format content as bytes. // The optional parameter `rootTag` is used to specify the XML root tag. func Encode(m map[string]interface{}, rootTag ...string) ([]byte, error) { diff --git a/encoding/gxml/gxml_z_unit_test.go b/encoding/gxml/gxml_z_unit_test.go index 28a8a993f..e519cda81 100644 --- a/encoding/gxml/gxml_z_unit_test.go +++ b/encoding/gxml/gxml_z_unit_test.go @@ -206,3 +206,28 @@ func TestErrCase(t *testing.T) { } }) } + +func Test_Issue3716(t *testing.T) { + gtest.C(t, func(t *gtest.T) { + var ( + xml = `I am a software developer & I love coding.john.doe@example.com<>&'"AAA` + m = map[string]interface{}{ + "Person": map[string]interface{}{ + "Name": "<>&'\"AAA", + "Email": "john.doe@example.com", + "Bio": "I am a software developer & I love coding.", + }, + } + ) + gxml.XMLEscapeChars(true) + defer gxml.XMLEscapeChars(false) + + xb, err := gxml.Encode(m) + t.AssertNil(err) + t.Assert(string(xb), xml) + + dm, err := gxml.Decode(xb) + t.AssertNil(err) + t.Assert(dm, m) + }) +}