From f933e5e78dc2637e485447ed821fe14904f110de Mon Sep 17 00:00:00 2001
From: Christian Schulte
Date: Sun, 8 May 2016 00:09:22 +0200
Subject: [PATCH] o Updated to remove '' from XML comments to guard against XML XML injection issues. Fixes #3
---
 .../org/codehaus/plexus/util/xml/XmlWriterUtil.java | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/main/java/org/codehaus/plexus/util/xml/XmlWriterUtil.java b/src/main/java/org/codehaus/plexus/util/xml/XmlWriterUtil.java
index 913b5f27..e14dcb2d 100644
--- a/src/main/java/org/codehaus/plexus/util/xml/XmlWriterUtil.java
+++ b/src/main/java/org/codehaus/plexus/util/xml/XmlWriterUtil.java
@@ -186,6 +186,16 @@ public static void writeComment( XMLWriter writer, String comment, int indent, i
 comment = "null";
 }
+ while ( comment.contains( "" ) )
+ {
+ comment = comment.replace( "-->", "" );
+ }
+
 if ( indent < 0 )
 {
 indent = 0;
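Review bot: Stripping only the complete comment delimiters in `writeComment` still lets a bare `--` through, and XML 1.0 forbids `--` anywhere inside a comment, so caller-supplied text such as `a -- b` can no longer close the comment early but still yields output that strict parsers reject. If well-formed output is the goal, guarding the shorter sequence covers both delimiters at once, for example `while ( comment.contains( "--" ) ) { comment = comment.replace( "--", "- " ); }`. A short comment on why the removal is repeated would also help, since deleting one `-->` can splice a new one together (as in `---->>`). On this page the loop condition shows as `contains( "" )` and only five of the ten stated insertions are visible, so this review assumes the rendering lost the opening-delimiter loop and that each committed loop tests the same literal it removes. The body of `writeComment` starts and ends outside the hunk, so whether the text is padded before the closing delimiter (which matters for a trailing `-`) cannot be confirmed from here.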