The sendImage method uses an XML string. This string is currently built by concatenating the attributes inside the template. These attributes are not properly escaped currently.
We should either leverage cherio to build the string or add some utilities to better handle XML.
The
sendImagemethod uses an XML string. This string is currently built by concatenating the attributes inside the template. These attributes are not properly escaped currently.We should either leverage cherio to build the string or add some utilities to better handle XML.