`entry._get_string_field` fails if `key` contains a double quote due to missing XPath escaping

[shadow1runner]

This is closely related to the subject discussed in #123 and the corresponding PR #204 and appeared in downstream jampe/kp2bw#10.

The issue in entry.py are threefold:

• pykeepass/pykeepass/entry.py

  Line 80 in 9f517fe

  field = self._xpath('String/Key[text()="{}"]/../Value'.format(key), first=True)

• pykeepass/pykeepass/entry.py

  Line 85 in 9f517fe

  field = self._xpath('String/Key[text()="{}"]/..'.format(key), first=True)

• pykeepass/pykeepass/entry.py

  Line 248 in 9f517fe

  prop = self._xpath('String/Key[text()="{}"]/..'.format(key), first=True)

which all boil down do the fact, that using the latter as an example, the given key is not properly escaped:

prop = self._xpath('String/Key[text()="{}"]/..'.format(key), first=True)

Now @Evidlo already mentioned the possibility of using a simple escape method for this purpose; however, I assume there will be more of these xpath related issues which makes me wondering whether you guys think that it's time that #204 gets merged? As far as I see it doesn't fix the issues outlined here, but it lays the required foundation to do so

Thanks

[smithfred]

Can Evidlo's referenced function be used for now while other fixes are worked on, since this is a crashing bug for consuming applications if the user tries to use quotation marks in various places, and the bug's been around for at least 2.5 years now per the git blame of the above.