Skip to content

fix(atom): escape & in category attribute values#249

Merged
jpmonette merged 2 commits into
jpmonette:masterfrom
greymoth-jp:fix/atom-category-escape
Jul 5, 2026
Merged

fix(atom): escape & in category attribute values#249
jpmonette merged 2 commits into
jpmonette:masterfrom
greymoth-jp:fix/atom-category-escape

Conversation

@greymoth-jp

Copy link
Copy Markdown
Contributor

The Atom renderer puts category values into attributes (<category term="..."/> for feed-level categories, and label/scheme/term for item categories) and hands them to xml-js unescaped.

xml-js escapes & inside element text but not inside attribute values, so a category containing an ampersand produces non-well-formed XML:

feed.addCategory("Arts & Crafts");

feed.atom1(); // <category term="Arts & Crafts"/>   raw &, rejected by strict XML parsers
feed.rss2();  // <category>Arts &amp; Crafts</category>   escaped, valid

The RSS2 renderer already escapes the same value because it emits the category as element text, where xml-js does escape &. So the two formats disagree for identical input, and the Atom output is invalid.

This applies the existing sanitize() helper to the category attributes, the same approach used for enclosure URLs in #228. Feed-level snapshots are unchanged because the sample categories contain no &. Added a test covering the feed-level term and the item-level label/scheme.

@jpmonette jpmonette merged commit 35473e1 into jpmonette:master Jul 5, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants