From 5871bc6d69f427de8baa8eb32ae8d0bbcf398ead Mon Sep 17 00:00:00 2001
From: Brian Broll <brian.broll@vanderbilt.edu>
Date: Fri, 10 Nov 2017 11:25:02 -0600
Subject: [PATCH] Escape the contents and attributes of xml when serializing

---
 xml.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xml.js b/xml.js
index b80f5200..66df734a 100755
--- a/xml.js
+++ b/xml.js
@@ -238,7 +238,7 @@ XML_Element.prototype.toString = function (isFormatted, indentationLevel) {
     for (key in this.attributes) {
         if (Object.prototype.hasOwnProperty.call(this.attributes, key)
                 && this.attributes[key]) {
-            result += ' ' + key + '="' + this.attributes[key] + '"';
+            result += ' ' + key + '="' + this.escape(this.attributes[key]) + '"';
         }
     }
 
@@ -247,7 +247,7 @@ XML_Element.prototype.toString = function (isFormatted, indentationLevel) {
         result += '/>';
     } else {
         result += '>';
-        result += this.contents;
+        result += this.escape(this.contents);
         this.children.forEach(function (element) {
             if (isFormatted) {
                 result += '\n';