Skip to content

Comments

Escape any stray CDATA end tokens that may be in the post contents#396

Open
Kronopath wants to merge 1 commit intojekyll:masterfrom
Kronopath:escape-cdata
Open

Escape any stray CDATA end tokens that may be in the post contents#396
Kronopath wants to merge 1 commit intojekyll:masterfrom
Kronopath:escape-cdata

Conversation

@Kronopath
Copy link

@Kronopath Kronopath commented Nov 14, 2023

Description

Normally you wouldn't have any CDATA end tokens ]]> in post content, because > gets converted to >.

However, in certain circumstances, like HTML comments, one can slip through the markdown parser unescaped. This totally breaks the XML, and the only way around it is to escape the end token.

The only real way to escape CDATA end tokens is to split them up. I.e. instead of having a single string ]]>, we instead have ]] (end CDATA) (start another CDATA) >. The two adjacent CDATAs will then be concatenated.

That looks like this messy string: ]]]]><![CDATA[>. The first ]] is the first part of the split token, the following ]]> ends the CDATA, <![CDATA[ starts another one, and the final > is the second part of the split token.

This pull request does the following:

  1. Escapes any ]]> strings in both post content and summary in the feed.xml as described above
  2. Adds a test case in rspec over this, adding it to the "March the Fourth" post in spec/fixtures.

Test plan

Before the feed.xml changes (but with the test case in place):

jekyll-feed $ bundle exec rspec
Run options: include {:focus=>true}

All examples were filtered out; ignoring {:focus=>true}

Randomized with seed 53922
.....................F................................................

Failures:

  1) JekyllFeed validation validates
     Failure/Error: expect(result.css("validity").text).to eql("true"), errors.join("\n")
     
       Validation error: Undefined content element: p on line 4 column 0
       Validation error: XML parsing error: <unknown>:4:26: not well-formed (invalid token) on line 4 column 26
     # ./spec/jekyll-feed_spec.rb:280:in `block (3 levels) in <top (required)>'

Finished in 3.04 seconds (files took 0.60692 seconds to load)
70 examples, 1 failure

Failed examples:

rspec ./spec/jekyll-feed_spec.rb:254 # JekyllFeed validation validates

After the feed.xml changes:

jekyll-feed $ bundle exec rspec
Run options: include {:focus=>true}

All examples were filtered out; ignoring {:focus=>true}

Randomized with seed 46246
......................................................................

Finished in 3.09 seconds (files took 0.61881 seconds to load)
70 examples, 0 failures

@Kronopath
Escape any stray CDATA end tokens that may be in the post contents
d7c0c3f 
Normally you wouldn't have any CDATA end tokens ]]> in post content, because > gets converted to &gt;. However, in certain circumstances, like HTML comments, one can slip through unescaped.

The only real way to escape CDATA end tokens is to split them up. I.e. instead of having a single string ]]>, we instead have ]](end CDATA)(start another CDATA)>. The two adjacent CDATAs will then be concatenated. That looks like this very messy string: ]]]]><![CDATA[>
@Kronopath Kronopath mentioned this pull request Nov 14, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Kronopath