Text is not escaped on write

[mernen]

When producing XML, text on any field is written unescaped, which in practice means any feed with HTML content will be broken.

Example:

extern crate rss;

use rss::Channel;

fn main() {
    let input = r#"
        <rss version="2.0">
            <channel>
                <title>My &lt;feed&gt;</title>
            </channel>
        </rss>
    "#;
    let channel = input.parse::<Channel>().unwrap();
    let output = channel.to_string();

    println!("Output:\n{}", output);

    // test roundtrip
    output.parse::<Channel>().expect("Couldn't read back output");
}

The final roundtrip parse fails due to a literal <feed> that was written.

Looking into the quick-xml crate, I couldn't find it clearly stated anywhere, but from the source code, Event::Text is meant to hold only escaped content. (This is still true on quick-xml 0.6, where a number of things changed compared to 0.4.)

[tafia]

Quick-xml doesn't handle escaping characters when writing. Shouldn't be too complicated to add.

[frewsxcv]

Should this be reported upstream to quickxml or is this something that should be added for this 'rss' crate?

[tafia]

This should probably be better on quick-xml. Unfortunately I don't have much time at the moment.

[huntiep]

What would be involved in fixing this? Would it just require escaping Event::Text on write_event, or is there more involved? If that's all involved I think I have a patch here.

[tafia]

Thanks!
Can you do a PR? This is not perfect but it is already much better than the current situation.
The big missing part is for special characters represented by their ASCII code.
I guess that your patch with a proper comment would be a good improvement already