Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Decode HTML entities in feed item titles #6210

Merged
merged 10 commits into from Jul 28, 2023
Merged

Decode HTML entities in feed item titles #6210

merged 10 commits into from Jul 28, 2023

Conversation

bezin
Copy link
Contributor

@bezin bezin commented Jul 11, 2023

The RSS spec does not mention HTML in item titles. As Contao encodes HTML entities on input, they are currently output as is in the feed item title. This PR converts them back before outputting the title to the feed.

2023-07-11 21_51_39

@bezin bezin changed the base branch from 5.x to 5.1 July 12, 2023 07:18
@ausi
Copy link
Member

ausi commented Jul 12, 2023

Do we need to do the same for the feed title and description here?

contao/news-bundle/src/Controller/Page/NewsFeedController.php

Lines 59 to 60 in e0c479f

->setTitle($pageModel->title)
->setDescription($pageModel->feedDescription)

And can we add a test case to NewsFeedControllerTest that ensures that special XML characters (<, > and &) are properly encoded?

ausi
ausi previously approved these changes Jul 13, 2023
View reviewed changes
@bezin
Copy link
Contributor Author

bezin commented Jul 13, 2023

For future reference:

  • I decode HTML entities for feed title, feed description and each item title
  • I do not decode HTML entities for each item description, as the RSS 2.0 spec specifically allows encoded HTML here
  • I added a test case to check for correctly encoding < and > to prevent XML injections as requested by @ausi

@bezin bezin requested a review from ausi July 13, 2023 10:08
ausi
ausi previously approved these changes Jul 13, 2023
View reviewed changes
@bezin bezin requested a review from aschempp July 14, 2023 12:23
aschempp
aschempp previously approved these changes Jul 14, 2023
View reviewed changes
@leofeyer leofeyer added the bug label Jul 21, 2023
@leofeyer leofeyer added this to the 5.1 milestone Jul 21, 2023
leofeyer
leofeyer previously approved these changes Jul 28, 2023
View reviewed changes
@leofeyer leofeyer changed the title Decode HTML entities in feed item title Decode HTML entities in feed item titles Jul 28, 2023
@leofeyer leofeyer enabled auto-merge (squash) July 28, 2023 08:25
@leofeyer
Copy link
Member

Thank you @bezin.

@leofeyer leofeyer force-pushed the fix-rss-item-title-encoding branch from 5f4f3e7 to 594b1f2 Compare July 28, 2023 08:27
@leofeyer leofeyer merged commit 9fd94d3 into contao:5.1 Jul 28, 2023
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ausi ausi ausi left review comments

@leofeyer leofeyer leofeyer approved these changes

@aschempp aschempp aschempp left review comments

Assignees

@bezin bezin

Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@bezin @ausi @leofeyer @aschempp