From 28ac5b5090c843b0d19719488dc7c0f41300db47 Mon Sep 17 00:00:00 2001
From: Oliver Foster <oliver.foster@kineo.com>
Date: Tue, 12 Nov 2024 16:29:37 +0000
Subject: [PATCH] HTML escaping

---
 grunt/helpers/Translate.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/grunt/helpers/Translate.js b/grunt/helpers/Translate.js
index bb71b6871..2136de58a 100644
--- a/grunt/helpers/Translate.js
+++ b/grunt/helpers/Translate.js
@@ -196,11 +196,13 @@ class Translate {
 ${Object.entries(outputGroupedByFile).map(([fileName, entries]) => {
     return ` <file id="${fileName}">
 ${entries.map(item => {
-    if (/[<>]+/.test(item.value)) return null;
+    const value = /[<>&"'/]/.test(item.value)
+      ? `<![CDATA[${item.value}]]>`
+      : item.value;
     return `    <unit id="${item.id}${item.path}">
       <segment>
-        <source xml:space="preserve">${item.value}</source>
-        <target xml:space="preserve">${item.value}</target>
+        <source xml:space="preserve">${value}</source>
+        <target xml:space="preserve">${value}</target>
       </segment>
     </unit>
 `;