[BUG] Missing semicolon in ampersand during decoding

[The0neThe0nly]

Information

1. Apktool Version (apktool -version) - 2.6.0
2. Operating System (Mac, Linux, Windows) - Mac, Linux
3. APK From? (Playstore, ROM, Other) - Playstore

For the given APK, two ampersands in res/values/strings.xml decode incorrectly. These decode as &amp instead of & They are embedded in a string within an html element within a string within an html element, looks like this:

<string name="not_as_described">"Sorry this isn't what you expected! Contact the seller to let them know.

Once you agree on a solution, use "<a href="https://www.paypal.com/gb/webapps/helpcenter/helphub/article/?solutionId=FAQ957&amp" topicID="&amp" m="ARA">PayPal’s Resolution Centre</a>", so they can monitor the return process, to make sure both you and the seller are protected.

If the item was counterfeit, let us know by sending this report. We'll remove the item and take the appropriate action to make sure the Depop community is safe."</string>

Stacktrace/Logcat

The error is in decoding, but building the incorrectly decoded file results in the following stacktrace (from APKLab):

------------------------------------
Rebuilding depop.apk into depop/dist
------------------------------------
java -jar /Users/jack/.apklab/apktool_2.6.0.jar b /Users/jack/Work/Depop/depop --use-aapt2
I: Using Apktool 2.6.0
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes20 folder into classes20.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes18 folder into classes18.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes11 folder into classes11.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes16 folder into classes16.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes17 folder into classes17.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes10 folder into classes10.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes26 folder into classes26.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes19 folder into classes19.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes21 folder into classes21.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes9 folder into classes9.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes7 folder into classes7.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes6 folder into classes6.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes8 folder into classes8.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes24 folder into classes24.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes23 folder into classes23.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes15 folder into classes15.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes12 folder into classes12.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes13 folder into classes13.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes14 folder into classes14.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes22 folder into classes22.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes25 folder into classes25.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes3 folder into classes3.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes4 folder into classes4.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes5 folder into classes5.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes2 folder into classes2.dex...
I: Checking whether resources has changed...
I: Building resources...
W: /Users/jack/Work/Depop/depop/res/values/strings.xml:0: error: xml parser error: not well-formed (invalid token).
W: /Users/jack/Work/Depop/depop/res/values/strings.xml: error: file failed to compile.
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/var/folders/ls/xzl_mz3x2g19yx9qlsxndf0c0000gn/T/brut_util_Jar_144578456943816367313103059144283132130.tmp, compile, --dir, /Users/jack/Work/Depop/depop/res, --legacy, -o, /Users/jack/Work/Depop/depop/build/resources.zip]
Rebuilding process exited with code 1

Steps to Reproduce

1. apktool d depop.apk -o depop

APK

https://play.google.com/store/apps/details?id=com.depop&hl=en_US&gl=US

[iBotPeaches]

Confirmed. Must have regressed during: https://github.com/iBotPeaches/Apktool/pull/2631

➜  2703 aapt d --values resources com.depop_17089781_apps.evozi.com.apk | grep 'not_as_described'
      spec resource 0x7f1203e9 com.depop:string/item_not_as_described: flags=0x00000004
      spec resource 0x7f12054b com.depop:string/not_as_described: flags=0x00000004
        resource 0x7f1203e9 com.depop:string/item_not_as_described: t=0x03 d=0x00003365 (s=0x0008 r=0x00)
        resource 0x7f12054b com.depop:string/not_as_described: t=0x03 d=0x00000007 (s=0x0008 r=0x00)
        resource 0x7f1203e9 com.depop:string/item_not_as_described: t=0x03 d=0x00003365 (s=0x0008 r=0x00)
        resource 0x7f12054b com.depop:string/not_as_described: t=0x03 d=0x00000012 (s=0x0008 r=0x00)
        resource 0x7f1203e9 com.depop:string/item_not_as_described: t=0x03 d=0x00003799 (s=0x0008 r=0x00)
        resource 0x7f12054b com.depop:string/not_as_described: t=0x03 d=0x0000001e (s=0x0008 r=0x00)
        resource 0x7f1203e9 com.depop:string/item_not_as_described: t=0x03 d=0x00004425 (s=0x0008 r=0x00)
        resource 0x7f12054b com.depop:string/not_as_described: t=0x03 d=0x00000023 (s=0x0008 r=0x00)
        resource 0x7f1203e9 com.depop:string/item_not_as_described: t=0x03 d=0x00003365 (s=0x0008 r=0x00)
        resource 0x7f12054b com.depop:string/not_as_described: t=0x03 d=0x00000034 (s=0x0008 r=0x00)
        resource 0x7f1203e9 com.depop:string/item_not_as_described: t=0x03 d=0x00004a43 (s=0x0008 r=0x00)
        resource 0x7f12054b com.depop:string/not_as_described: t=0x03 d=0x00000037 (s=0x0008 r=0x00)

Marking as bug.