Fix double encoding of non-HTML strings in feed (#7328)

OrchardCMS · Oct 24, 2020 · 9cbb9a4 · 9cbb9a4
1 parent 1383167
commit 9cbb9a4
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 5 deletions.
diff --git a/src/OrchardCore.Modules/OrchardCore.Contents/Feeds/CommonFeedItemBuilder.cs b/src/OrchardCore.Modules/OrchardCore.Contents/Feeds/CommonFeedItemBuilder.cs
@@ -1,6 +1,5 @@
 using System;
 using System.Linq;
-using System.Net;
 using System.Threading.Tasks;
 using System.Xml.Linq;
 using Microsoft.AspNetCore.Mvc;
@@ -46,7 +45,7 @@ public async Task PopulateAsync(FeedContext context)
                         guid.Add(url);
                     });
 
-                    feedItem.Element.SetElementValue("title", WebUtility.HtmlEncode(contentItem.DisplayText));
+                    feedItem.Element.SetElementValue("title", contentItem.DisplayText);
                     feedItem.Element.Add(link);
 
                     feedItem.Element.Add(new XElement("description", new XCData(bodyAspect.Body?.ToString() ?? String.Empty)));
@@ -74,7 +73,7 @@ public async Task PopulateAsync(FeedContext context)
                         context.Builder.AddProperty(context, feedItem, "link", url);
                     });
 
-                    context.Builder.AddProperty(context, feedItem, "title", WebUtility.HtmlEncode(contentItem.DisplayText));
+                    context.Builder.AddProperty(context, feedItem, "title", contentItem.DisplayText);
                     context.Builder.AddProperty(context, feedItem, new XElement("description", new XCData(bodyAspect.Body?.ToString() ?? String.Empty)));
 
                     if (contentItem.PublishedUtc != null)

diff --git a/src/OrchardCore.Modules/OrchardCore.Lists/Feeds/ListFeedQuery.cs b/src/OrchardCore.Modules/OrchardCore.Lists/Feeds/ListFeedQuery.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Net;
 using System.Threading.Tasks;
 using System.Xml.Linq;
 using Microsoft.AspNetCore.Mvc;
@@ -63,7 +62,7 @@ public async Task ExecuteAsync(FeedContext context)
             if (context.Format == "rss")
             {
                 var link = new XElement("link");
-                context.Response.Element.SetElementValue("title", WebUtility.HtmlEncode(contentItem.DisplayText));
+                context.Response.Element.SetElementValue("title", contentItem.DisplayText);
                 context.Response.Element.Add(link);
 
                 context.Response.Element.Add(new XElement("description", new XCData(bodyAspect.Body?.ToString() ?? String.Empty)));

diff --git a/test/OrchardCore.Tests/Modules/OrchardCore.Contents/Feeds/RssFeedTests.cs b/test/OrchardCore.Tests/Modules/OrchardCore.Contents/Feeds/RssFeedTests.cs
@@ -52,6 +52,42 @@ public async Task AvoidDoubleEncodeCDATA(string format)
             Assert.Equal("<description><![CDATA[<p>The news description goes here ...</p>]]></description>", description);
         }
 
+        [Theory]
+        [InlineData("rss")]
+        [InlineData("non rss")]
+        public async Task ShouldOnlyHtmlEntityEscapeFeedTitle(string format)
+        {
+            // Arrange
+            var contentManagerMock = new Mock<IContentManager>();
+            var commonFeedItemBuilder = new CommonFeedItemBuilder(contentManagerMock.Object);
+            var feedContext = CreateFeedContext(format);
+
+            contentManagerMock.SetReturnsDefault(Task.FromResult(new ContentItemMetadata
+            {
+                DisplayRouteValues = new RouteValueDictionary()
+            }));
+
+            contentManagerMock.SetReturnsDefault(Task.FromResult(new BodyAspect
+            {
+                Body = new HtmlString("<p>The news description goes here ...</p>")
+            }));
+
+            feedContext.Builder.AddItem(feedContext, new ContentItem
+            {
+                DisplayText = "It's a great title & so much > than anybody's!",
+                PublishedUtc = DateTime.UtcNow
+            });
+
+            // Act
+            await commonFeedItemBuilder.PopulateAsync(feedContext);
+
+            // Assert
+            var title = feedContext.Response.Items[0].Element.Element("title").ToString();
+
+            // Test to ensure that double encoding of title does not occur and complies with XML requirements
+            Assert.Equal("<title>It's a great title &amp; so much &gt; than anybody's!</title>", title);
+        }
+
         private static FeedContext CreateFeedContext(string format)
         {
             var feedContextMock = new Mock<FeedContext>(Mock.Of<IUpdateModel>(), format);