rakhimov / scram

Probabilistic Risk Analysis Tool (fault tree analysis, event tree analysis, etc.)
https://scram-pra.org
GNU General Public License v3.0

XML stream doesn't escape &, <, " (for MEF serialization) #258

Closed rakhimov closed 6 years ago

rakhimov commented 6 years ago

On serialization of MEF elements, arbitrary strings may appear within attribute and text values (this is unlike reporting w/ XML stream where the strings are guaranteed to be sanitized). < and & need to be escaped within text and attribute values. " needs to be escaped only within attribute values.

The fix is likely to result in a performance hit.

rakhimov commented 6 years ago

3-7% performance hit for reporting w/ XML stream.
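
The escaping rule from the issue description, as an added example that is not SCRAM's own code: `AppendEscaped`, `Escaped`, `SerializeEvent` and the element names in the sample are assumptions made for illustration. It escapes `<` and `&` everywhere and `"` only inside attribute values, copying unescaped runs in bulk to keep the per-string cost low.

```cpp
#include <iostream>
#include <string>

// Hypothetical helper for illustration; not SCRAM's XML stream API.
enum class Context { kText, kAttribute };

// Appends `value` to `out`, replacing characters that act as markup in
// `context`. Clean runs are copied in bulk, so a string without special
// characters costs one scan and one append.
void AppendEscaped(const std::string& value, Context context, std::string* out) {
  std::size_t run_start = 0;  // First character not yet copied to `out`.
  for (std::size_t i = 0; i < value.size(); ++i) {
    const char* entity = nullptr;
    switch (value[i]) {
      case '&': entity = "&amp;"; break;
      case '<': entity = "&lt;"; break;
      case '"':  // Only ends a value inside a double-quoted attribute.
        if (context == Context::kAttribute) entity = "&quot;";
        break;
      default: break;
    }
    if (entity == nullptr) continue;
    out->append(value, run_start, i - run_start);
    out->append(entity);
    run_start = i + 1;
  }
  out->append(value, run_start, std::string::npos);
}

std::string Escaped(const std::string& value, Context context) {
  std::string out;
  AppendEscaped(value, context, &out);
  return out;
}

// Constructed sample: the element and attribute names are assumptions.
std::string SerializeEvent(const std::string& name, const std::string& label) {
  std::string xml = "<define-basic-event name=\"";
  AppendEscaped(name, Context::kAttribute, &xml);
  xml += "\"><label>";
  AppendEscaped(label, Context::kText, &xml);
  xml += "</label></define-basic-event>";
  return xml;
}

int main() {
  // Constructed input with all three characters in both positions.
  std::cout << SerializeEvent("valve\"<A&B>", "p < 0.5 & \"rare\"") << "\n";
  return 0;
}
```

The example covers only the three characters the issue names and assumes attribute values are always delimited with double quotes; a writer that uses single-quote delimiters would need `'` escaped as well.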