From 55ba13fdac3237433998ab19e49ab687a54c01c5 Mon Sep 17 00:00:00 2001
From: Oliver Davies <opdavies@gmail.com>
Date: Sat, 30 Dec 2017 18:20:24 +0000
Subject: [PATCH] Ensure characters are converted

---
 src/Builder.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/Builder.php b/src/Builder.php
index b2ff8f3..ea04375 100644
--- a/src/Builder.php
+++ b/src/Builder.php
@@ -66,6 +66,9 @@ class Builder
             $value = collect($value)->implode('|');
         }
 
-        return "<apps:property name='{$key}' value='{$value}'/>";
+        return vsprintf("<apps:property name='%s' value='%s'/>", [
+            $key,
+            htmlentities($value),
+        ]);
     }
 }