SetSpeakMiddleware uses string formatting to create XML

[johnataylor]

Code in the SetSpeakMiddleware uses raw string formatting to create XML and is therefore exposed to badly formed XML creation, for example, if the values in the data contained characters such as < or > or &;

Code that creates XML should always use System.Xml and System.Xml.Linq classes such as XDocument, XElement etc. to manipulate and construct XML.

[ram-xv]

investigating