fix XML encoding for anyURI

related to #35

src/Core/Helpers/SimpleDomTrait.php

@@ -81,4 +81,26 @@ private function simpleDomSafeTextElement(DOMDocument $document, string $name, $
 
         return $element;
     }
+
+    /**
+     * Make a string valid to XML.anyURI.
+     *
+     * @see http://www.w3.org/TR/xmlschema-2/#anyURI
+     * @see http://www.datypic.com/sc/xsd/t-xsd_anyURI.html
+     */
+    private function simpleDomEncodeAnyUri(?string $uri): ?string
+    {
+        if (null === $uri) {
+            return null;
+        }
+
+        /* URIs require that some characters be escaped with their hexadecimal Unicode code point preceded by the %
+         * character. This includes non-ASCII characters and some ASCII characters, namely control characters, spaces,
+         * and the following characters (unless they are used as deliimiters in the URI): <>#%{}|\^`.
+         * [...]
+         * The only values that are not accepted are ones that make inappropriate use of reserved characters, such as ones that contain multiple # characters or have % characters that are not followed by two hexadecimal digits.
+         * -- as of http://www.datypic.com/sc/xsd/t-xsd_anyURI.html
+         */
+        return $uri; // @TODO
+    }
 }

src/Core/Serialize/DOM/Normalizers/ComponentNormalizer.php

@@ -161,7 +161,11 @@ private function normalizePurl(?PackageUrl $purl): ?DOMElement
     {
         return null === $purl
             ? null
-            : $this->simpleDomSafeTextElement($this->getNormalizerFactory()->getDocument(), 'purl', (string) $purl);
+            : $this->simpleDomSafeTextElement(
+                $this->getNormalizerFactory()->getDocument(),
+                'purl',
+                $this->simpleDomEncodeAnyUri((string) $purl)
+            );
     }
 
     private function normalizeExternalReferences(?ExternalReferenceRepository $externalReferenceRepository): ?DOMElement

src/Core/Serialize/DOM/Normalizers/DisjunctiveLicenseNormalizer.php

@@ -62,7 +62,7 @@ public function normalize(AbstractDisjunctiveLicense $license): DOMElement
             [
                 $this->simpleDomSafeTextElement($document, 'id', $id),
                 $this->simpleDomSafeTextElement($document, 'name', $name),
-                $this->simpleDomSafeTextElement($document, 'url', $license->getUrl()),
+                $this->simpleDomSafeTextElement($document, 'url', $this->simpleDomEncodeAnyUri($license->getUrl())),
             ]
         );
     }

src/Core/Serialize/DOM/Normalizers/ExternalReferenceNormalizer.php

@@ -53,7 +53,7 @@ public function normalize(ExternalReference $externalReference): DOMElement
                 ]
             ),
             [
-                $this->simpleDomSafeTextElement($doc, 'url', $externalReference->getUrl()),
+                $this->simpleDomSafeTextElement($doc, 'url', $this->simpleDomEncodeAnyUri($externalReference->getUrl())),
                 $this->simpleDomSafeTextElement($doc, 'comment', $externalReference->getComment()),
                 $this->normalizeHashes($externalReference->getHashRepository()),
             ]