Properly escape special characters in XML #77

Closed
wants to merge 5 commits into from

@kemp kemp commented Sep 19, 2018

<![CDATA[]]> sections do not need to have HTML escaped. Doing so causes strange output.

For example, if the title of a Feed Item is "I like PB&J", then it would be output as "I like PB&amp;J", which is subsequently what would be shown to the user.

However, what does need to be escaped is the CEnd tag: ]]>. I made a helper function which escapes that so that no user input can cause any harm.

I included a test to verify that the output is correct. I wasn't sure the exact way I should go about adding the test, so I created a new SpecialDummyItem class which has a title with strange characters.

P.S. I also removed a space in the <author> tag... I couldn't help it.

  <author>
-     <name> <![CDATA[feedItemAuthor]]></name>
+     <name><![CDATA[feedItemAuthor]]></name>
   </author>
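
Review bot: The space removed from the `<name>` line sits outside the CDATA section, so an XML parser returns it as part of the author name; this line changes the parsed feed output, not only the formatting. Since it is unrelated to the CEnd escaping, it would be better as its own commit, with a test assertion on the author name.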

rockhopper72 added 3 commits September 19, 2018 16:03
When using CDATA, it is unnecessary to escape html characters;
however, one thing that must be escaped is the CEnd tag.
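
The escaping described in the PR description and commit message above, as an added example that is not the code from this pull request. It assumes the common approach of splitting the CDATA section at `]]>` (the PR's own helper is not shown on this page); the names `cdata_wrap` and `parsed_title` and the sample titles are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the function added in this pull request).
// "]]>" may not appear inside a CDATA section, so end the section after "]]"
// and reopen it before ">"; a parser joins the pieces back into one string.
function cdata_wrap(string $value): string
{
    return '<![CDATA[' . str_replace(']]>', ']]]]><![CDATA[>', $value) . ']]>';
}

// Parse a <title> built from $inner and return what a feed reader would see.
function parsed_title(string $inner): string
{
    $doc = new DOMDocument();
    if (!$doc->loadXML('<entry><title>' . $inner . '</title></entry>')) {
        throw new RuntimeException('feed fragment is not well-formed XML');
    }
    // Only <entry> and <title> may exist; any other element means the
    // input broke out of the CDATA section and was parsed as markup.
    if ($doc->getElementsByTagName('*')->length !== 2) {
        throw new RuntimeException('markup injected through the title');
    }
    return $doc->getElementsByTagName('title')->item(0)->textContent;
}

// Constructed sample titles; the third tries to close the section early.
$titles = [
    'I like PB&J',
    '<b>bold</b> & "quoted"',
    'x]]><injected>1</injected><![CDATA[y',
    ']]>]]>',
];

foreach ($titles as $title) {
    if (parsed_title(cdata_wrap($title)) !== $title) {
        throw new RuntimeException('round trip changed: ' . $title);
    }
}

// HTML-escaping before wrapping is what the PR removes: inside CDATA the
// entity is literal text, so the parsed title differs from the input.
echo parsed_title('<![CDATA[' . htmlspecialchars('I like PB&J') . ']]>'), PHP_EOL;
echo parsed_title(cdata_wrap('I like PB&J')), PHP_EOL;
```
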

kemp commented Jan 10, 2019

Hello?

src/Helpers/helpers.php Outdated
@freekmurze
Member

Sorry for the long wait, this PR seems to have slipped through the net.

kemp commented Jan 10, 2019

No problem, it can happen. I will take a look at the changes you requested soon!

@freekmurze freekmurze left a comment

Some nitpicks

src/Format.php Outdated
src/Format.php Outdated

kemp commented Jan 14, 2019

It's no problem!

@spatie-bot

Dear contributor,

because this pull request seems to be inactive for quite some time now, I've automatically closed it. If you feel this pull request deserves some attention from my human colleagues feel free to reopen it.
