gdbus: properly escape introspection annotations

Make sure we escape any special characters that are found in annotation
names or values to avoid emitting a malformed XML document in response
to an Introspect call.

https://bugzilla.gnome.org/show_bug.cgi?id=721796

diff --git a/gio/gdbusintrospection.c b/gio/gdbusintrospection.c
index c5f80ec..0b61275 100644 (file)
--- a/gio/gdbusintrospection.c
+++ b/gio/gdbusintrospection.c
@@ -583,12 +583,15 @@ g_dbus_annotation_info_generate_xml (GDBusAnnotationInfo *info,
                                      guint                indent,
                                      GString             *string_builder)
 {
+  gchar *tmp;
   guint n;
 
-  g_string_append_printf (string_builder, "%*s<annotation name=\"%s\" value=\"%s\"",
-                          indent, "",
-                          info->key,
-                          info->value);
+  tmp = g_markup_printf_escaped ("%*s<annotation name=\"%s\" value=\"%s\"",
+                                 indent, "",
+                                 info->key,
+                                 info->value);
+  g_string_append (string_builder, tmp);
+  g_free (tmp);
 
   if (info->annotations == NULL)
     {