From ea7fce90d39f3bc4c6fbe8e09d21cdc30e609151 Mon Sep 17 00:00:00 2001
From: hf-ddernbach <daniel.dernbach@hochfrequenz.de>
Date: Tue, 12 Sep 2023 14:04:00 +0200
Subject: [PATCH 1/3] introduced character encodings suitable for HTML ("<" /
 ">")

---
 src/ebdtable2graph/graphviz.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/ebdtable2graph/graphviz.py b/src/ebdtable2graph/graphviz.py
index a066d37..0fdc8a0 100644
--- a/src/ebdtable2graph/graphviz.py
+++ b/src/ebdtable2graph/graphviz.py
@@ -26,6 +26,8 @@ def _format_label(label: str) -> str:
     Converts the given string e.g. a text for a node to a suitable output for dot. It replaces newlines (`\n`) with
     the HTML-tag `<BR>`.
     """
+    label = label.replace(">", '&gt;')
+    label = label.replace("<", '&lt;')
     return label.replace("\n", '<BR align="left"/>')
     # escaped_str = re.sub(r"^(\d+): ", r"<B>\1: </B>", label)
     # escaped_str = label.replace("\n", '<BR align="left"/>')

From 5f59d20c313d61f85bac128ea29ff07f14eede91 Mon Sep 17 00:00:00 2001
From: hf-ddernbach <daniel.dernbach@hochfrequenz.de>
Date: Tue, 12 Sep 2023 15:46:14 +0200
Subject: [PATCH 2/3] fixed formatting of previous change

---
 src/ebdtable2graph/graphviz.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ebdtable2graph/graphviz.py b/src/ebdtable2graph/graphviz.py
index 0fdc8a0..5278001 100644
--- a/src/ebdtable2graph/graphviz.py
+++ b/src/ebdtable2graph/graphviz.py
@@ -26,8 +26,8 @@ def _format_label(label: str) -> str:
     Converts the given string e.g. a text for a node to a suitable output for dot. It replaces newlines (`\n`) with
     the HTML-tag `<BR>`.
     """
-    label = label.replace(">", '&gt;')
-    label = label.replace("<", '&lt;')
+    label = label.replace(">", "&gt;")
+    label = label.replace("<", "&lt;")
     return label.replace("\n", '<BR align="left"/>')
     # escaped_str = re.sub(r"^(\d+): ", r"<B>\1: </B>", label)
     # escaped_str = label.replace("\n", '<BR align="left"/>')

From d5992cb8ec8301c22888cc118b7b6fe12055a25e Mon Sep 17 00:00:00 2001
From: hf-ddernbach <daniel.dernbach@hochfrequenz.de>
Date: Tue, 12 Sep 2023 16:49:03 +0200
Subject: [PATCH 3/3] added XML escape function

---
 src/ebdtable2graph/graphviz.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/ebdtable2graph/graphviz.py b/src/ebdtable2graph/graphviz.py
index 5278001..8f1bac7 100644
--- a/src/ebdtable2graph/graphviz.py
+++ b/src/ebdtable2graph/graphviz.py
@@ -2,6 +2,7 @@
 This module contains logic to convert EbdGraph data to dot code (Graphviz) and further to parse this code to SVG images.
 """
 from typing import List, Optional
+from xml.sax.saxutils import escape
 
 from ebdtable2graph.add_watermark import add_background as add_background_function
 from ebdtable2graph.add_watermark import add_watermark as add_watermark_function
@@ -26,9 +27,7 @@ def _format_label(label: str) -> str:
     Converts the given string e.g. a text for a node to a suitable output for dot. It replaces newlines (`\n`) with
     the HTML-tag `<BR>`.
     """
-    label = label.replace(">", "&gt;")
-    label = label.replace("<", "&lt;")
-    return label.replace("\n", '<BR align="left"/>')
+    return escape(label).replace("\n", '<BR align="left"/>')
     # escaped_str = re.sub(r"^(\d+): ", r"<B>\1: </B>", label)
     # escaped_str = label.replace("\n", '<BR align="left"/>')
     # return f'<{escaped_str}<BR align="left"/>>'