--- Webpacus/lib/Webpacus/Model/WebPAC.pm	2006/02/19 22:40:40	405
+++ Webpacus/lib/Webpacus/Model/WebPAC.pm	2006/02/20 21:47:54	413
@@ -552,6 +552,10 @@
 
 =cut
 
+# Escape <, >, & and ", and to produce valid XML
+my %escape = ('<'=>'&lt;', '>'=>'&gt;', '&'=>'&amp;', '"'=>'&quot;');  
+my $escape_re  = join '|' => keys %escape;
+
 sub apply {
 	my $self = shift;
 
@@ -599,9 +603,12 @@
 			if (ref($v) eq 'ARRAY') {
 				if ($#{$v} == 0) {
 					$v = $v->[0];
+					$v =~ s/($escape_re)/$escape{$1}/g;
 				} else {
 					$join = $default_delimiter->{$type} unless defined($join);
-					$v = join($join, @{$v});
+					$v = join($join, map {
+						s/($escape_re)/$escape{$1}/g;
+					} @{$v});
 				}
 			} else {
 				warn("TT filter $type(): field $name values aren't ARRAY, ignoring");