From f3f9dbe265b60f9a211d7a81d33105d5f3c5fc9e Mon Sep 17 00:00:00 2001 From: Andy Janata Date: Tue, 14 Feb 2017 20:27:01 -0800 Subject: [PATCH] escape the set name and description too --- .../java/net/socialgamer/cah/cardcast/CardcastService.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main/java/net/socialgamer/cah/cardcast/CardcastService.java b/src/main/java/net/socialgamer/cah/cardcast/CardcastService.java index bdc228c..602e803 100644 --- a/src/main/java/net/socialgamer/cah/cardcast/CardcastService.java +++ b/src/main/java/net/socialgamer/cah/cardcast/CardcastService.java @@ -140,7 +140,8 @@ public class CardcastService { cacheMissingSet(setId); return null; } - final CardcastDeck deck = new CardcastDeck(name, setId, description); + final CardcastDeck deck = new CardcastDeck(StringEscapeUtils.escapeXml11(name), setId, + StringEscapeUtils.escapeXml11(description)); // load up the cards final JSONArray blacks = (JSONArray) cards.get("calls");