From 45d168c79d2d3f3d0dd6247e2b527f3007d84793 Mon Sep 17 00:00:00 2001
From: xuri <xuri.me@gmail.com>
Date: Tue, 15 Nov 2022 22:08:37 +0800
Subject: This closes #1391, escape XML characters to avoid with corrupt file

- Update and improve unit test coverage
---
 cell.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'cell.go')

diff --git a/cell.go b/cell.go
index a0a2818..bbbb83a 100644
--- a/cell.go
+++ b/cell.go
@@ -12,6 +12,7 @@
 package excelize
 
 import (
+	"bytes"
 	"encoding/xml"
 	"fmt"
 	"os"
@@ -490,7 +491,9 @@ func (c *xlsxC) setCellValue(val string) {
 // string.
 func (c *xlsxC) setInlineStr(val string) {
 	c.T, c.V, c.IS = "inlineStr", "", &xlsxSI{T: &xlsxT{}}
-	c.IS.T.Val, c.IS.T.Space = trimCellValue(val)
+	buf := &bytes.Buffer{}
+	_ = xml.EscapeText(buf, []byte(val))
+	c.IS.T.Val, c.IS.T.Space = trimCellValue(buf.String())
 }
 
 // setStr set cell data type and value which containing a formula string.
-- 
cgit v1.2.1