Add escape/unescape of " & < > (attributes, pcdata)

std/js/JsXml__.hx

@@ -47,6 +47,14 @@ class JsXml__ {
 	public var _attributes : Hash<String>;
 	public var _children : Array<Xml>;
 
+	private static function unescape( s : String ) : String {
+		return s.split("&lt;").join("<").split("&gt;").join(">").split("&quot;").join("\"").split("&amp;").join("&");
+	}
+
+	private static function escape( s : String ) : String {
+		return s.split("&").join("&amp;").split("\"").join("&quot;").split("<").join("&lt;").split(">").join("&gt;");
+	}
+
 	public static function parse( str : String ) : Xml {
 		var rules = [enode,epcdata,ecdata,edoctype,eend,ecomment,eprolog];
 		var nrules = rules.length;
@@ -64,7 +72,7 @@ class JsXml__ {
 						current.addChild(x);
 						str = r.matchedRight();
 						while( eattribute.match(str) ) {
-							x.set(eattribute.matched(1),eattribute.matched(2));
+							x.set(eattribute.matched(1),unescape(eattribute.matched(2)));
 							str = eattribute.matchedRight();
 						}
 						if( !eclose.match(str) ) {
@@ -77,7 +85,7 @@ class JsXml__ {
 						}
 						str = eclose.matchedRight();
 					case 1: // PCData
-						var x = Xml.createPCData(r.matched(0));
+						var x = Xml.createPCData(unescape(r.matched(0)));
 						current.addChild(x);
 						str = r.matchedRight();
 					case 2: // CData
@@ -367,7 +375,11 @@ class JsXml__ {
 	}
 
 	public function toString() {
-		if( nodeType == Xml.PCData || nodeType == Xml.CData || nodeType == Xml.Comment || nodeType == Xml.DocType || nodeType == Xml.Prolog )
+		if( nodeType == Xml.PCData )
+			return escape(_nodeValue);
+		if( nodeType == Xml.CData )
+			return "<![CDATA["+_nodeValue+"]]>";
+		if( nodeType == Xml.Comment || nodeType == Xml.DocType || nodeType == Xml.Prolog )
 			return _nodeValue;
 
 		var s = new StringBuf();
@@ -379,7 +391,7 @@ class JsXml__ {
 				s.add(" ");
 				s.add(k);
 				s.add("=\"");
-				s.add(_attributes.get(k));
+				s.add(escape(_attributes.get(k)));
 				s.add("\"");
 			}
 			if( _children.length == 0 ) {

std/neko/NekoXml__.hx

@@ -43,6 +43,14 @@ class NekoXml__ {
 
 	private static var _parse = neko.Lib.load("std","parse_xml",2);
 
+	private static function unescape( s : String ) : String {
+		return s.split("&lt;").join("<").split("&gt;").join(">").split("&quot;").join("\"").split("&amp;").join("&");
+	}
+
+	private static function escape( s : String ) : String {
+		return s.split("&").join("&amp;").split("\"").join("&quot;").split("<").join("&lt;").split(">").join("&gt;");
+	}
+
 	static function parse( xmlData : String ) : Xml {
 		var x = new NekoXml__();
 
@@ -59,7 +67,7 @@ class NekoXml__ {
 					var i = 0;
 					var l = __dollar__asize(f);
 					while( i < l ) {
-						__dollar__objset(att,f[i], new String(__dollar__objget(att,f[i])) );
+						__dollar__objset(att,f[i], unescape(new String(__dollar__objget(att,f[i]))) );
 						i++;
 					}
 					this.cur.addChild(x);
@@ -77,7 +85,7 @@ class NekoXml__ {
 				var x : Dynamic = new NekoXml__();
 				x._parentNode = untyped this.cur;
 				x.nodeType = Xml.PCData;
-				x._nodeValue = new String(text);
+				x._nodeValue = unescape(new String(text));
 				untyped this.cur.addChild(x);
 			},
 			comment : function(text) {
@@ -320,7 +328,11 @@ class NekoXml__ {
 	}
 
 	public function toString() {
-		if( nodeType == Xml.PCData || nodeType == Xml.CData || nodeType == Xml.Comment || nodeType == Xml.DocType || nodeType == Xml.Prolog )
+		if( nodeType == Xml.PCData )
+			return escape(_nodeValue);
+		if( nodeType == Xml.CData )
+			return "<![CDATA["+_nodeValue+"]]>";
+		if( nodeType == Xml.Comment || nodeType == Xml.DocType || nodeType == Xml.Prolog )
 			return _nodeValue;
 
 		var s = new StringBuf();
@@ -332,7 +344,7 @@ class NekoXml__ {
 				s.add(" ");
 				s.add(k);
 				s.add("=\"");
-				s.add(Reflect.field(_attributes,k));
+				s.add(escape(Reflect.field(_attributes,k)));
 				s.add("\"");
 			}
 			if( _children.length == 0 ) {