rust-syndication / rss

Library for serializing the RSS web content syndication format
https://crates.io/crates/rss
Apache License 2.0

Escaping of XML entities #167

Closed Turbo87 closed 1 week ago

Turbo87 commented 4 weeks ago

The Readme says:

Note: Writing a channel does not perform any escaping of XML entities.

and I can confirm this via:

rss::Item {
    description: Some("does it handle XML? <item>".to_string()),
    ..Default::default()
}

but I'm wondering, what is the reason for the "missing" escaping?

I'm currently using https://docs.rs/quick-xml/0.37.0/quick_xml/escape/fn.escape.html to manually escape the description field, but it would be nice if this sort of thing would be handled inside the rss lib directly. If there are valid reasons for not doing so, would it at least be possible to re-export the escape() fn from quick-xml so that we don't have to add two dependencies? :)

andy128k commented 1 week ago

That statement in the readme seems misleading. Of course, all needed escapes are performed. Specifically, description is serialized as CDATA and it may contain any markup you wish. You do not need to do any escaping before assigning a value to a description (or any other field).

Turbo87 commented 1 week ago

@andy128k thanks for the clarification! While removing our explicit escaping I discovered a small escaping bug, but I'll report that in a dedicated issue :)
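
What the answer above means in practice, as an added std-only Rust sketch that is not part of the thread and not the rss crate's code: a value placed in CDATA reaches the reader verbatim, so escaping it beforehand leaves literal `&lt;` in the displayed text. The helper names are hypothetical, and the `]]>` split illustrates a general CDATA edge case, not documented behaviour of the crate.

```rust
/// Added example, hypothetical helper (not the rss crate's API):
/// escape the five XML special characters for a plain text node.
fn escape_text(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for c in s.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&apos;"),
            _ => out.push(c),
        }
    }
    out
}

/// Wrap a value in CDATA. A literal "]]>" would close the section early,
/// so it is split across two adjacent sections.
fn cdata(s: &str) -> String {
    format!("<![CDATA[{}]]>", s.replace("]]>", "]]]]><![CDATA[>"))
}

/// Decode the five predefined entities ("&amp;" last, so nothing decodes twice).
fn unescape(s: &str) -> String {
    s.replace("&lt;", "<").replace("&gt;", ">").replace("&quot;", "\"")
        .replace("&apos;", "'").replace("&amp;", "&")
}

/// What a reader recovers from element content: CDATA bodies are taken
/// literally, everything else is entity-decoded.
fn reader_sees(content: &str) -> String {
    let (mut out, mut rest) = (String::new(), content);
    while let Some(start) = rest.find("<![CDATA[") {
        out.push_str(&unescape(&rest[..start]));
        let body = &rest[start + "<![CDATA[".len()..];
        let end = body.find("]]>").unwrap_or(body.len());
        out.push_str(&body[..end]);
        rest = body.get(end + 3..).unwrap_or("");
    }
    out.push_str(&unescape(rest));
    out
}

fn main() {
    let raw = "does it handle XML? <item>"; // value from the issue
    println!("CDATA only:      {}", reader_sees(&cdata(raw)));
    println!("escaped + CDATA: {}", reader_sees(&cdata(&escape_text(raw))));
}
```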