diff --git a/lstV2/server/services/notifications/controller/notifications/tiFullFlow/loadItems.ts b/lstV2/server/services/notifications/controller/notifications/tiFullFlow/loadItems.ts
index d69517d..9cfb5bd 100644
--- a/lstV2/server/services/notifications/controller/notifications/tiFullFlow/loadItems.ts
+++ b/lstV2/server/services/notifications/controller/notifications/tiFullFlow/loadItems.ts
@@ -1,4 +1,5 @@
import { freightClass } from "../../../../../globalUtils/freightClass.js";
+import { escapeXml } from "../../../utils/xmlCharFixes.js";
export const loadItems = async (data: any) => {
let itemGroups = "";
@@ -21,7 +22,9 @@ export const loadItems = async (data: any) => {
data[i].pkgHeight / 25.4
).toFixed(2)}
- ${`av ${data[i].article} ${data[i].articleAlias}`}
+ ${`av ${data[i].article} ${escapeXml(
+ data[i].articleAlias
+ )}`}
${freightClass(
data[i].pkgWeight,
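Review bot: `data[i].article` is still interpolated raw on the changed line, while only `data[i].articleAlias` goes through `escapeXml`, so the description is escaped for just part of its content. If `article` is always numeric this is harmless today, but `data` is typed `any` and nothing visible in the hunk guarantees it. Escaping the assembled string removes that assumption: ``${escapeXml(`av ${data[i].article} ${data[i].articleAlias}`)}``. The rest of the template and the body of `loadItems` lie outside this hunk, so the other interpolations were not checked.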
diff --git a/lstV2/server/services/notifications/controller/notifications/tiFullFlow/tiImport.ts b/lstV2/server/services/notifications/controller/notifications/tiFullFlow/tiImport.ts
index c22cda5..eae95dc 100644
--- a/lstV2/server/services/notifications/controller/notifications/tiFullFlow/tiImport.ts
+++ b/lstV2/server/services/notifications/controller/notifications/tiFullFlow/tiImport.ts
@@ -14,6 +14,7 @@ import { loadItems } from "./loadItems.js";
import { dateCorrection } from "./dateCorrection.js";
import { scacCheck } from "./scacCodeCheck.js";
import { postToTi } from "./postToTI.js";
+import { escapeXml } from "../../../utils/xmlCharFixes.js";
export const tiImport = async () => {
// get the plant token
@@ -224,21 +225,39 @@ export const tiImport = async () => {
// shipper info
payload = payload
- .replaceAll("[plantName]", `Alpla ${plantI[0]?.sName!}`)
- .replaceAll("[plantStreetAddress]", plantI[0]?.streetAddress!)
- .replaceAll("[plantCity]", plantI[0]?.cityState!.split(",")[0])
- .replaceAll("[plantState]", plantI[0]?.cityState!.split(",")[1])
- .replaceAll("[plantZipCode]", plantI[0]?.zipcode!)
- .replaceAll("[contactNum]", plantI[0]?.contactPhone!)
- .replaceAll("[contactEmail]", plantI[0]?.contactEmail!)
+ .replaceAll("[plantName]", escapeXml(`Alpla ${plantI[0]?.sName!}`))
+ .replaceAll(
+ "[plantStreetAddress]",
+ escapeXml(plantI[0]?.streetAddress!)
+ )
+ .replaceAll(
+ "[plantCity]",
+ escapeXml(plantI[0]?.cityState!.split(",")[0])
+ )
+ .replaceAll(
+ "[plantState]",
+ escapeXml(plantI[0]?.cityState!.split(",")[1])
+ )
+ .replaceAll("[plantZipCode]", escapeXml(plantI[0]?.zipcode!))
+ .replaceAll("[contactNum]", escapeXml(plantI[0]?.contactPhone!))
+ .replaceAll("[contactEmail]", escapeXml(plantI[0]?.contactEmail!))
// customer info
- .replaceAll("[customerName]", orderData[0].addressAlias)
- .replaceAll("[customerStreetAddress]", orderData[0].streetAddress)
- .replaceAll("[customerCity]", orderData[0].city.split(",")[0])
- .replaceAll("[customerState]", orderData[0].city.split(",")[1])
- .replaceAll("[customerZip]", orderData[0].zipCode)
- .replaceAll("[customerPO]", orderData[0].Header)
+ .replaceAll("[customerName]", escapeXml(orderData[0].addressAlias))
+ .replaceAll(
+ "[customerStreetAddress]",
+ escapeXml(orderData[0].streetAddress)
+ )
+ .replaceAll(
+ "[customerCity]",
+ escapeXml(orderData[0].city.split(",")[0])
+ )
+ .replaceAll(
+ "[customerState]",
+ escapeXml(orderData[0].city.split(",")[1])
+ )
+ .replaceAll("[customerZip]", escapeXml(orderData[0].zipCode))
+ .replaceAll("[customerPO]", escapeXml(orderData[0].Header))
// .replaceAll(
// "[glCoding]",
// `52410-${
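Review bot: Every `replaceAll` in this chain passes the escaped value as a string replacement, and JavaScript expands `$` sequences (`$$`, `$&`, `` $` ``, `$'`) in a string replacement even when the search pattern is a plain string; `escapeXml` leaves `$` untouched. A plant or order field containing such a sequence would be expanded against the template after escaping has already run, so the payload is no longer guaranteed to be well-formed or to carry the value as stored. A replacer function avoids the expansion, e.g. `.replaceAll("[customerPO]", () => escapeXml(orderData[0].Header))`, and should be applied to each call in the chain. Separately, because the substitutions run one after another, a value that itself contains a later placeholder such as `[customerZip]` would be substituted again; a single pass over the template with a lookup map would close that as well. The chain and the enclosing `tiImport` body continue outside this hunk.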
diff --git a/lstV2/server/services/notifications/utils/xmlCharFixes.ts b/lstV2/server/services/notifications/utils/xmlCharFixes.ts
new file mode 100644
index 0000000..c21b3b3
--- /dev/null
+++ b/lstV2/server/services/notifications/utils/xmlCharFixes.ts
@@ -0,0 +1,9 @@
+export const escapeXml = (str: string) => {
+ if (!str) return "";
+ return str
+ .replace(/&/g, "&")
+ .replace(//g, ">")
+ .replace(/"/g, """)
+ .replace(/'/g, "'");
+};
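Review bot: `escapeXml` is declared as taking `string`, but its callers pass fields from rows whose types are not visible here (`data: any` in `loadItems`, `orderData[0].zipCode`). A non-zero number would pass the `!str` guard and then throw at `.replace`, whereas the previous code let `replaceAll` coerce it. Normalising first keeps the helper total: `if (str == null) return "";` followed by `return String(str).replace(...)`, with the parameter typed `unknown`. The replacement strings as shown on this page look mangled by rendering (the `&` rule maps to itself and the `<` rule is missing), so confirm in the file that the rules emit `&amp;`, `&lt;`, `&gt;`, `&quot;` and `&apos;`, with the `&` rule first. A short doc comment should state that the output is meant for element text and quoted attribute values, and that characters not permitted in XML 1.0, such as most control characters, are not stripped.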