From 832e903f26accf48554b5eaff510392b92cca125 Mon Sep 17 00:00:00 2001
From: Joseph Lawson <joe@joekiller.com>
Date: Wed, 22 Oct 2014 16:03:42 -0400
Subject: [PATCH 1/2] test sqs with xml characters

---
 tests/test_sqs/test_sqs.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/tests/test_sqs/test_sqs.py b/tests/test_sqs/test_sqs.py
index d616e0496..7f60bb17c 100644
--- a/tests/test_sqs/test_sqs.py
+++ b/tests/test_sqs/test_sqs.py
@@ -92,6 +92,21 @@ def test_send_message():
     messages[1].get_body().should.equal(body_two)
 
 
+@mock_sqs
+def test_send_message_with_xml_characters():
+    conn = boto.connect_sqs('the_key', 'the_secret')
+    queue = conn.create_queue("test-queue", visibility_timeout=60)
+    queue.set_message_class(RawMessage)
+
+    body_one = '< & >'
+
+    queue.write(queue.new_message(body_one))
+
+    messages = conn.receive_message(queue, number_messages=1)
+
+    messages[0].get_body().should.equal(body_one)
+
+
 @requires_boto_gte("2.28")
 @mock_sqs
 def test_send_message_with_attributes():

From ff27ef9e91caf89c508c86c67bd61b07dd1ce722 Mon Sep 17 00:00:00 2001
From: Joseph Lawson <joe@joekiller.com>
Date: Wed, 22 Oct 2014 16:05:26 -0400
Subject: [PATCH 2/2] XML escape body of sqs message body prior to encoding to
 XML

---
 moto/sqs/models.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/moto/sqs/models.py b/moto/sqs/models.py
index f50806e8a..a6188a57d 100644
--- a/moto/sqs/models.py
+++ b/moto/sqs/models.py
@@ -3,6 +3,7 @@ import base64
 import hashlib
 import time
 import re
+from xml.sax.saxutils import escape
 
 
 from moto.core import BaseBackend
@@ -19,7 +20,7 @@ DEFAULT_ACCOUNT_ID = 123456789012
 class Message(object):
     def __init__(self, message_id, body):
         self.id = message_id
-        self.body = body
+        self._body = body
         self.message_attributes = {}
         self.receipt_handle = None
         self.sender_id = DEFAULT_ACCOUNT_ID
@@ -35,6 +36,10 @@ class Message(object):
         body_md5.update(self.body.encode('utf-8'))
         return body_md5.hexdigest()
 
+    @property
+    def body(self):
+        return escape(self._body)
+
     def mark_sent(self, delay_seconds=None):
         self.sent_timestamp = unix_time_millis()
         if delay_seconds: