Safer XHTML escape

git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2665 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-01 17:00:36 +00:00 · 2014-02-01 17:00:36 +00:00 · adbec3e33e
parent 506db8ce30
commit adbec3e33e
1 changed files with 1 additions and 1 deletions
--- a/editor/extensions/ext-server_opensave.js
+++ b/editor/extensions/ext-server_opensave.js
@ -17,7 +17,7 @@ svgEditor.addExtension("server_opensave", {
 			return $.trim(title).replace(/[\/\\:*?"<>|]/g, '_');
 		}
 		function xhtmlEscape(str) {
-			return str.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;'); // < is actually disallowed above anyways
+			return str.replace(/&(?!amp;)/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;'); // < is actually disallowed above anyways
 		}
 		function clientDownloadSupport (filename, suffix, uri) {
 			var a,