Replacement of special characters for XML

[Go220374]

Added replacement of special characters when generating XML for TeamCity.

[Go220374]

Hello.
We ran into a problem where the hook fails to add some builds triggered by PR to the TeamCity queue. In such cases, TeamCity reports an invalid request.
The reason turned out to be that branch names and the PR header can contain special XML-specific characters - "'<>&. In XML, these characters were interpreted as markup and XML integrity was violated.
For example: when making a revert commit, BitBucket automatically generates a double-quoted commit message: Revert "original commit message". When creating a PR with such a commit, this entire line ends up in the PR header.

To solve the problem, we replace the specified symbols with their named entities, XML is created, and the assemblies will successfully enter the TeamCity queue.

[jmecosta]

@Go220374 thanks for the pull request, i was thinking more on the lines of

URLEncoder.encode(branch, StandardCharsets.UTF_8);

[Go220374]

Hello! Thank's for reply. I'm sorry, but URLEncoder.encode(s, StandardCharsets.UTF_8.toString()); instead of the string & ' " < > it returns %26+%27+%22+%3C+%3E and this is how it is displayed in xml. Example:
XML source
<?xml version="1.0" encoding="UTF-8"?>
<a>
<b>%26+%27+%22+%3C+%3E</b>
<c>&amp; &quot; & &apos; &gt; &lt; </c>
</a>
Show XML in Browser
<?xml version="1.0" encoding="UTF-8"?>
<a>
<b>%26+%27+%22+%3C+%3E</b>
<c> & " ' > < </c>
</a>

Will it be acceptable? (this is a question, not a statement :-) )
p.s. My function returns a string value, which is presented in the C tag, in my opinion it looks readable

[jmecosta]

ok my bad... what you are trying to escape is xml... so
https://commons.apache.org/proper/commons-lang/javadocs/api-2.6/org/apache/commons/lang/StringEscapeUtils.html

if you can use that, see escapeXml

alternatively we could use some real java library to create xml samples, but maybe to much for this quick fix.

Let me know if you cant use that escapeXml, i will merge it as is

[Go220374]

Yes, if it's acceptable, accept the code as is. If it's not acceptable, please, using the apache library - it's good variant.
p.s. Using the apache library makes it difficult to negotiate with my organization's security team

[jmecosta]

in that case, lets not be going into negotiations with security team :)

[jmecosta]

@Go220374 thanks you: Published in https://marketplace.atlassian.com/manage/apps/1215178/versions/300000310/details

[Go220374]

Thank You very much!!! Have a nice day!