Escape special characters in chart `StrVal`

So that, for example, pie charts can render with labels that include an ampersand
author: Clark Cutler <[email protected]> 2015-09-22 16:49:03 -0700
committer: Clark Cutler <[email protected]> 2015-09-22 17:07:07 -0700
commit: d85eb0160f3d2ff9ff283a9db4f63925d23694c1 (patch)
tree: b99b98b2fd89e2d31261385158c411ee685d3665 /lib
parent: 58ecbb50a8e569c613e8e7e30c0c241f30fcb812 (diff)
download: caxlsx-d85eb0160f3d2ff9ff283a9db4f63925d23694c1.tar.gz
caxlsx-d85eb0160f3d2ff9ff283a9db4f63925d23694c1.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/axlsx/drawing/str_val.rb b/lib/axlsx/drawing/str_val.rb
index 10a4fe91..0687833e 100644
--- a/lib/axlsx/drawing/str_val.rb
+++ b/lib/axlsx/drawing/str_val.rb
@@ -27,7 +27,7 @@ module Axlsx
     def to_xml_string(idx, str = "")
       Axlsx::validate_unsigned_int(idx)
       if !v.to_s.empty?
-        str << ('<c:pt idx="' << idx.to_s << '"><c:v>' << v.to_s << '</c:v></c:pt>')
+        str << ('<c:pt idx="' << idx.to_s << '"><c:v>' << ::CGI.escapeHTML(v.to_s) << '</c:v></c:pt>')
       end
     end
   end
author	Clark Cutler <[email protected]>	2015-09-22 16:49:03 -0700
committer	Clark Cutler <[email protected]>	2015-09-22 17:07:07 -0700
commit	d85eb0160f3d2ff9ff283a9db4f63925d23694c1 (patch)
tree	b99b98b2fd89e2d31261385158c411ee685d3665 /lib
parent	58ecbb50a8e569c613e8e7e30c0c241f30fcb812 (diff)
download	caxlsx-d85eb0160f3d2ff9ff283a9db4f63925d23694c1.tar.gz caxlsx-d85eb0160f3d2ff9ff283a9db4f63925d23694c1.zip