fix: XML escape package description (#3)

Packages with characters not legal in XML (for example &) in package description are rejected by Cholatey client, with malformed XML message. This pull request fixes that.
shaka-project · Oct 4, 2023 · 71068d4 · 71068d4
2 parents f3c78d0 + e17e3e4
commit 71068d4
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 1 deletion.
diff --git a/chocolatey-server.js b/chocolatey-server.js
@@ -8,6 +8,7 @@ const AdmZip = require('adm-zip');
 const express = require('express');
 const fs = require('fs/promises');
 const xmldoc = require('xmldoc');
+const xmlescape = require('xml-escape');
 
 const CONTENT_TYPE = 'Content-Type';
 const ATOM_MIME_TYPE = 'application/atom+xml; charset=utf-8';
@@ -174,7 +175,7 @@ async function configureRoutes(app, prefix, packageMetadataList) {
 
   function formatPackages(matchedPackages, req) {
     const entries = matchedPackages.map((entry) => {
-      return entryTemplate.replace(/{(.*)}/g, (match, key) => entry[key] || '');
+      return entryTemplate.replace(/{(.*)}/g, (match, key) => xmlescape(entry[key]) || '');
     });
 
     const url_root = req.protocol + '://' + req.get('host');

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -23,6 +23,7 @@
   "dependencies": {
     "adm-zip": "^0.5.9",
     "express": "^4.18.2",
+    "xml-escape": "^1.1.0",
     "xmldoc": "^1.2.0"
   },
   "engines": {