beeware / briefcase

Tools to support converting a Python project into a standalone native application.
https://briefcase.readthedocs.io/
BSD 3-Clause "New" or "Revised" License

Minor syntax bug when using quotes in the app's name #1876

Open Malasaur opened 2 weeks ago

Malasaur commented 2 weeks ago

Describe the bug

I've just noticed that if you create an app and include a quote in the name ('), briefcase does not escape it inside the settings.gradle file. Nothing very concerning, just a bit misleading for people who may not know about this kinda stuff.

Steps to reproduce

  1. Create a new app with briefcase
  2. Include ' inside the name, e.g. "John Doe's amazing application"
  3. Build it for Android
  4. See error. Why does writing this feel like greentext?

Expected behavior

I expected it to compile without errors. lol

Environment

Like, are these really needed?

freakboy3742 commented 2 weeks ago

Thanks for the report. This is a class of problem we've been slowly squashing over time; see #905, #1746, and some others.

If you're interested in trying your hand at fixing this, the history and linked issues for #1746 are a good point of comparison.

The fix for this comes in 2 parts.

The first part is that we need to modify the briefcase-android-gradle-template so that anywhere user-generated content is inserted, it is appropriately escaped.

The second part is that we need an appropriate escape filter. We have escaping filters for XML, TOML and PLIST; we clearly need one for gradle as well. This will likely be structurally similar to the TOML filter, except that it's the ' character that needs escaping.

It would also be worth auditing all the other places that user-generated content is being inserted. Based on a quick inspection, it looks like an app with a formal name or app name that contains < or > will likely cause issues, as they need to be escaped in strings.xml. Anywhere that a {{ cookiecutter.something }} value is inserted in a template, we should be ensuring that the right escaping is occurring. Unless the value is intended as a template insertion (e.g., android_manifest_activity_attrs_extra_content), all user-provided content should be escaped.
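
A sketch of the Gradle escape filter described in the comment above, added here as an example and not taken from Briefcase or its templates. The names `escape_gradle`, `read_literal` and `renders_safely`, and the `rootProject.name` template line, are assumptions; the literal reader covers only the escapes the filter emits.

```python
# Added example; all names are hypothetical, not Briefcase's own code.
TEMPLATE = "rootProject.name = '{}'"  # constructed stand-in for a settings.gradle line

_UNESCAPE = {"\\": "\\", "'": "'", "n": "\n", "r": "\r"}


def escape_gradle(value: str) -> str:
    """Escape text for use inside a Groovy single-quoted string literal."""
    # Backslash goes first so the escapes added afterwards are not doubled.
    for raw, escaped in (("\\", "\\\\"), ("'", "\\'"), ("\n", "\\n"), ("\r", "\\r")):
        value = value.replace(raw, escaped)
    return value


def read_literal(line: str) -> str:
    """Decode the single-quoted literal on a rendered line.

    Raises ValueError if the literal is unterminated or followed by
    leftover text, which is what an unescaped quote in the name produces.
    """
    out, i = [], line.index("'") + 1
    while i < len(line):
        ch = line[i]
        if ch == "\\":
            if i + 1 >= len(line) or line[i + 1] not in _UNESCAPE:
                raise ValueError("unsupported escape")
            out.append(_UNESCAPE[line[i + 1]])
            i += 2
        elif ch == "'":
            if line[i + 1:].strip():
                raise ValueError(f"text after closing quote: {line[i + 1:]!r}")
            return "".join(out)
        elif ch in "\r\n":
            raise ValueError("raw newline inside literal")
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated literal")


def renders_safely(name: str, escape=lambda s: s) -> bool:
    """True if the rendered line holds exactly `name` as one literal."""
    try:
        return read_literal(TEMPLATE.format(escape(name))) == name
    except ValueError:
        return False
```

Running `renders_safely` over a list of awkward names, with and without the filter, gives a quick regression check for each place a template inserts user-provided text.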