Merges #58

Author: c4milo

Makefile

@@ -0,0 +1,7 @@
+test:
+	node test/test.js
+
+deps:
+	npm install .
+
+.PHONY: test deps

README.md

@@ -34,7 +34,7 @@ parser.toJson(xml, options);
 parser.toXml(json);
 ```
 
-### Options object
+### Options object for `toJson`
 
 Default values:
 ```javascript
@@ -68,7 +68,16 @@ var chars =  {
 };
 ```
 
+### Options object for `toXml`
 
+Default values:
+```javascript
+var options = {
+    sanitize: false
+};
+```
+
+`sanitize: false` is the default option to behave like previous versions
 
 
 (*) xml2json tranforms CDATA content to JSON, but it doesn't generate a reversible structure.

lib/json2xml.js

@@ -1,4 +1,6 @@
-module.exports = function toXml(json, xml) {
+var sanitizer = require('./sanitize.js')
+
+module.exports = function toXml(json, options) {
     if (json instanceof Buffer) {
         json = json.toString();
     }
@@ -13,7 +15,7 @@ module.exports = function toXml(json, xml) {
     } else {
         obj = json;
     }
-    var toXml = new ToXml();
+    var toXml = new ToXml(options);
     toXml.parse(obj);
     return toXml.xml;
 }
@@ -38,7 +40,7 @@ ToXml.prototype.parse = function(obj) {
                         self.addAttr(key, subVal);
                     }
                 }
-            })
+            });
         }
     }
 
@@ -73,6 +75,9 @@ ToXml.prototype.openTag = function(key) {
     this.tagIncomplete = true;
 }
 ToXml.prototype.addAttr = function(key, val) {
+	if (this.options.sanitize) {
+		val = sanitizer.sanitize(val)
+	}
     this.xml += ' ' + key + '="' + val + '"';
 }
 ToXml.prototype.addTextContent = function(text) {
@@ -89,7 +94,18 @@ ToXml.prototype.completeTag = function() {
         this.tagIncomplete = false;
     }
 }
-function ToXml() {
+function ToXml(options) {
+    var defaultOpts = {
+        sanitize: false
+    };
+
+	if (options) {
+		for (var opt in options) {
+			defaultOpts[opt] = options[opt];
+		}
+	}
+
+	this.options = defaultOpts;
     this.xml = '';
     this.tagIncomplete = false;
 }

lib/sanitize.js

@@ -0,0 +1,36 @@
+/**
+ * Simple sanitization. It is not intended to sanitize
+ * malicious element values.
+ *
+ * character | escaped
+ *      <       &lt;
+ *      >       &gt;
+ *      (       &#40;
+ *      )       &#41;
+ *      #       &#35;
+ *      &       &amp;
+ *      "       &quot;
+ *      '       &apos;
+ */
+var chars =  {
+	'<': '&lt;',
+    '>': '&gt;',
+    '(': '&#40;',
+    ')': '&#41;',
+    '#': '&#35;',
+    '&': '&amp;',
+    '"': '&quot;',
+    "'": '&apos;'
+};
+
+exports.sanitize = function sanitize(value) {
+    if (typeof value !== 'string') {
+        return value;
+    }
+
+    Object.keys(chars).forEach(function(key) {
+        value = value.replace(key, chars[key]);
+    });
+
+    return value;
+}

lib/xml2json.js

@@ -1,4 +1,5 @@
 var expat = require('node-expat');
+var sanitizer = require('./sanitize.js')
 
 // This object will hold the final result.
 var obj = {};
@@ -58,7 +59,7 @@ function text(data) {
     }
 
     if (options.sanitize) {
-        data = sanitize(data);
+        data = sanitizer.sanitize(data);
     }
 
     currentObject['$t'] = coerce((currentObject['$t'] || '') + data);
@@ -108,41 +109,6 @@ function coerce(value) {
 }
 
 
-/**
- * Simple sanitization. It is not intended to sanitize
- * malicious element values.
- *
- * character | escaped
- *      <       &lt;
- *      >       &gt;
- *      (       &#40;
- *      )       &#41;
- *      #       &#35;
- *      &       &amp;
- *      "       &quot;
- *      '       &apos;
- */
-var chars =  {  '<': '&lt;',
-                '>': '&gt;',
-                '(': '&#40;',
-                ')': '&#41;',
-                '#': '&#35;',
-                '&': '&amp;',
-                '"': '&quot;',
-                "'": '&apos;' };
-
-function sanitize(value) {
-    if (typeof value !== 'string') {
-        return value;
-    }
-
-    Object.keys(chars).forEach(function(key) {
-        value = value.replace(key, chars[key]);
-    });
-
-    return value;
-}
-
 /**
  * Parses xml to json using node-expat.
  * @param {String|Buffer} xml The xml to be parsed to json.

test/fixtures/xmlsanitize.json

@@ -0,0 +1 @@
+{"e":{"a":{"b":"Smith & Son"}}}

test/fixtures/xmlsanitize.xml

@@ -0,0 +1 @@
+<e><a b="Smith &amp; Son"></a></e>

test/test-xmlsanitize.js

@@ -0,0 +1,16 @@
+var fs = require('fs');
+var path = require('path');
+var parser = require('../lib');
+var assert = require('assert');
+
+var expected = fs.readFileSync(__dirname + '/fixtures/xmlsanitize.xml', {encoding: 'utf8'});
+//console.log("expected: " + expected)
+var json = parser.toJson(expected, {object: true, space: true});
+//console.log('xml => json: \n%j', json);
+
+var xmlres = parser.toXml(json, { sanitize: true });
+//console.log(xmlres)
+//assert.deepEqual(json.doc.Column.length, 5, 'should have 5 Columns');
+assert.strictEqual(expected, xmlres, 'xml strings not equal!')
+
+console.log('xml2json toXml sanitize passed!');