Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Escape any stray CDATA end tokens that may be in the post contents #396

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Escape any stray CDATA end tokens that may be in the post contents #396

wants to merge 1 commit into from

Conversation

Kronopath
Copy link

Description

Normally you wouldn't have any CDATA end tokens ]]> in post content, because > gets converted to >.

However, in certain circumstances, like HTML comments, one can slip through the markdown parser unescaped. This totally breaks the XML, and the only way around it is to escape the end token.

The only real way to escape CDATA end tokens is to split them up. I.e. instead of having a single string ]]>, we instead have ]] (end CDATA) (start another CDATA) >. The two adjacent CDATAs will then be concatenated.

That looks like this messy string: ]]]]><![CDATA[>. The first ]] is the first part of the split token, the following ]]> ends the CDATA, <![CDATA[ starts another one, and the final > is the second part of the split token.

This pull request does the following:

  1. Escapes any ]]> strings in both post content and summary in the feed.xml as described above
  2. Adds a test case in rspec over this, adding it to the "March the Fourth" post in spec/fixtures.

Test plan

Before the feed.xml changes (but with the test case in place):

jekyll-feed $ bundle exec rspec
Run options: include {:focus=>true}

All examples were filtered out; ignoring {:focus=>true}

Randomized with seed 53922
.....................F................................................

Failures:

  1) JekyllFeed validation validates
     Failure/Error: expect(result.css("validity").text).to eql("true"), errors.join("\n")
     
       Validation error: Undefined content element: p on line 4 column 0
       Validation error: XML parsing error: <unknown>:4:26: not well-formed (invalid token) on line 4 column 26
     # ./spec/jekyll-feed_spec.rb:280:in `block (3 levels) in <top (required)>'

Finished in 3.04 seconds (files took 0.60692 seconds to load)
70 examples, 1 failure

Failed examples:

rspec ./spec/jekyll-feed_spec.rb:254 # JekyllFeed validation validates

After the feed.xml changes:

jekyll-feed $ bundle exec rspec
Run options: include {:focus=>true}

All examples were filtered out; ignoring {:focus=>true}

Randomized with seed 46246
......................................................................

Finished in 3.09 seconds (files took 0.61881 seconds to load)
70 examples, 0 failures

@Kronopath
Escape any stray CDATA end tokens that may be in the post contents
d7c0c3f 
Normally you wouldn't have any CDATA end tokens ]]> in post content, because > gets converted to &gt;. However, in certain circumstances, like HTML comments, one can slip through unescaped.

The only real way to escape CDATA end tokens is to split them up. I.e. instead of having a single string ]]>, we instead have ]](end CDATA)(start another CDATA)>. The two adjacent CDATAs will then be concatenated. That looks like this very messy string: ]]]]><![CDATA[>
@Kronopath Kronopath mentioned this pull request Nov 14, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@Kronopath