authorZsolt Kozaroczy <[email protected]>2019-12-29 19:11:05 +0100
committerStefan Daschek <[email protected]>2019-12-29 19:11:05 +0100
commite65ec48bc86379efed0c1b87a13bff14930416d5 (patch)
treeacda1d6f5dbaccb828d2192c4f28cdac56c49785 /lib/axlsx/drawing/series_title.rb
parent0a223011a26949ddc00eba882005daee7afeb6a6 (diff)
downloadcaxlsx-e65ec48bc86379efed0c1b87a13bff14930416d5.tar.gz
caxlsx-e65ec48bc86379efed0c1b87a13bff14930416d5.zip
Escape special characters in charts (#40)
Fixes #37
Diffstat (limited to 'lib/axlsx/drawing/series_title.rb')
-rw-r--r--lib/axlsx/drawing/series_title.rb4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/axlsx/drawing/series_title.rb b/lib/axlsx/drawing/series_title.rb
index 9ef97304..2e730dea 100644
--- a/lib/axlsx/drawing/series_title.rb
+++ b/lib/axlsx/drawing/series_title.rb
@@ -7,13 +7,15 @@ module Axlsx
# @param [String] str
# @return [String]
def to_xml_string(str = '')
+ clean_value = Axlsx::trust_input ? @text.to_s : ::CGI.escapeHTML(Axlsx::sanitize(@text.to_s))
+
str << '<c:tx>'
str << '<c:strRef>'
str << ('<c:f>' << Axlsx::cell_range([@cell]) << '</c:f>')
str << '<c:strCache>'
str << '<c:ptCount val="1"/>'
str << '<c:pt idx="0">'
- str << ('<c:v>' << @text << '</c:v>')
+ str << ('<c:v>' << clean_value << '</c:v>')
str << '</c:pt>'
str << '</c:strCache>'
str << '</c:strRef>'
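Review bot: The `<c:f>` line still appends `Axlsx::cell_range([@cell])` unescaped, so only the cached title in `<c:v>` gets the new sanitizing and escaping. If `cell_range` can return a sheet-qualified reference, a worksheet name containing `&` or `<` would presumably still produce malformed chart XML unless it is escaped upstream, which is worth confirming. The `trust_input` branch writes `@text` verbatim, so a comment above the assignment would make the contract explicit, e.g. `# trust_input skips sanitizing and escaping: the caller must supply XML-safe text`. The call to `::CGI.escapeHTML` also depends on `cgi` being required somewhere outside this hunk, and the body of `to_xml_string` continues past the last line shown.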