This closes #1391, escape XML characters to avoid with corrupt file

- Update and improve unit test coverage
author: xuri <xuri.me@gmail.com> 2022-11-15 22:08:37 +0800
committer: xuri <xuri.me@gmail.com> 2022-11-15 22:08:37 +0800
commit: 45d168c79d2d3f3d0dd6247e2b527f3007d84793 (patch)
tree: 70d84647e84a8e04939e797b9ca7ceee008bf4a6 /cell.go
parent: ac564afa56a691e378ab9bb04cb14bb283886a16 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/cell.go b/cell.go
index a0a2818..bbbb83a 100644
--- a/cell.go
+++ b/cell.go
@@ -12,6 +12,7 @@
 package excelize
 
 import (
+	"bytes"
 	"encoding/xml"
 	"fmt"
 	"os"
@@ -490,7 +491,9 @@ func (c *xlsxC) setCellValue(val string) {
 // string.
 func (c *xlsxC) setInlineStr(val string) {
 	c.T, c.V, c.IS = "inlineStr", "", &xlsxSI{T: &xlsxT{}}
-	c.IS.T.Val, c.IS.T.Space = trimCellValue(val)
+	buf := &bytes.Buffer{}
+	_ = xml.EscapeText(buf, []byte(val))
+	c.IS.T.Val, c.IS.T.Space = trimCellValue(buf.String())
 }
 
 // setStr set cell data type and value which containing a formula string.
author	xuri <xuri.me@gmail.com>	2022-11-15 22:08:37 +0800
committer	xuri <xuri.me@gmail.com>	2022-11-15 22:08:37 +0800
commit	45d168c79d2d3f3d0dd6247e2b527f3007d84793 (patch)
tree	70d84647e84a8e04939e797b9ca7ceee008bf4a6 /cell.go
parent	ac564afa56a691e378ab9bb04cb14bb283886a16 (diff)