From f27116930abaa27396d2ffb1ad70003ed63d3296 Mon Sep 17 00:00:00 2001 From: Jason Streifling Date: Wed, 16 Oct 2024 16:51:39 +0200 Subject: [PATCH] Correctly escape strings if needed and check for it --- atom.go | 12 ++++++++++++ category.go | 9 +++++++++ plainText.go | 4 ++++ text.go | 2 +- 4 files changed, 26 insertions(+), 1 deletion(-) diff --git a/atom.go b/atom.go index 24c163a..5b471c6 100644 --- a/atom.go +++ b/atom.go @@ -28,6 +28,18 @@ func isValidURI(uri URI) bool { return isValidURL(uri) || isValidURN(uri) } +func isCorrectlyEscaped(text string) bool { + relevantEntities := []string{"&", "<", ">", """, "'"} + + for _, entity := range relevantEntities { + if strings.Contains(text, entity) { + return false + } + } + + return true +} + func isCompositeMediaType(mediaType string) bool { mediaType, _, err := mime.ParseMediaType(mediaType) if err != nil { diff --git a/category.go b/category.go index aa9f547..9e90dd3 100644 --- a/category.go +++ b/category.go @@ -3,6 +3,7 @@ package atomfeed import ( "errors" "fmt" + "html" ) type Category struct { @@ -22,6 +23,10 @@ func NewCategory(term string) (*Category, error) { return &Category{Term: term, Content: content}, nil } +func (c *Category) SetLabel(label string) { + c.Label = html.UnescapeString(label) +} + func (c *Category) Check() error { if c.Term == "" { return errors.New("term attribute of category empty") @@ -33,6 +38,10 @@ func (c *Category) Check() error { } } + if !isCorrectlyEscaped(c.Label) { + return fmt.Errorf("label attribute of category %v not correctly escaped", c.Label) + } + if c.Content == nil { return errors.New("no content element of category") } else { diff --git a/plainText.go b/plainText.go index 6d4eb3d..149fcd2 100644 --- a/plainText.go +++ b/plainText.go 
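Review bot: isCorrectlyEscaped in atom.go matches only five fixed substrings, while the setters in this commit normalise with html.UnescapeString, which decodes every named and numeric character reference. A value assigned directly to a field with a reference outside the list would therefore pass Check. Comparing against the decoder keeps the two in step: `return html.UnescapeString(text) == text` (atom.go would need the `html` import, which this hunk does not show). The list as rendered on this page looks entity-decoded (`"""` would not compile), so its exact entries are inferred. The function returns true when no entity is present, which is the opposite of what the name suggests, so a doc comment such as `// isCorrectlyEscaped reports whether text contains no HTML character references.` would help.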
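Review bot: SetLabel in category.go decodes its argument exactly once and returns nothing, so doubly escaped input still contains an entity afterwards and the setter stores a label that the new test in Check rejects. Either loop until the value is stable or document the single pass, for example `// SetLabel stores label after one pass of html.UnescapeString; callers must not pass doubly escaped text.` The exported method has no doc comment at present. Fields stay exported, so the setter can be bypassed by direct assignment and Check remains the only guard.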
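Review bot: The new error in Category.Check interpolates c.Label with `%v`, and the label can come from feed data the caller does not control. Using `%q` quotes the value and escapes control characters, so the message cannot carry line breaks into logs and an empty or whitespace-only label stays visible: `return fmt.Errorf("label attribute of category %q not correctly escaped", c.Label)`. Check begins and ends outside this hunk, so other messages in it may deserve the same treatment.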
@@ -15,6 +15,10 @@ func (p *PlainText) Check() error { return errors.New("type attribute of plain text must be text or html if not omitted") } + if p.Type == "html" && !isCorrectlyEscaped(p.Text) { + return errors.New("text element of plain text not correctly escaped") + } + if p.Text == "" { return errors.New("text element of plain text empty") } diff --git a/text.go b/text.go index 221ba7c..96c548d 100644 --- a/text.go +++ b/text.go @@ -15,7 +15,7 @@ func NewText(textType, content string) (Text, error) { case "text", "": return &PlainText{Type: textType, Text: content}, nil case "html": - return &PlainText{Type: textType, Text: html.EscapeString(content)}, nil + return &PlainText{Type: textType, Text: html.UnescapeString(content)}, nil case "xhtml": return &XHTMLText{ Type: textType,
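Review bot: In text.go, the "html" branch of NewText now runs html.UnescapeString over the caller's HTML, which decodes character references inside the markup itself. Text the caller had neutralised, such as an escaped `<script>` string shown as literal text, becomes a live element in the stored content that feed readers may render. Escaping for the Atom wire format is a separate layer from the entities inside the HTML, and presumably the XML encoder applies it at marshal time; the struct tag on PlainText.Text is not visible here, so confirm it is chardata rather than innerxml. Storing the input untouched, `return &PlainText{Type: textType, Text: content}, nil`, would keep the author's markup intact. The check added to Check in plainText.go would then have to stop rejecting html text that contains character references, since valid HTML routinely does.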