Skip to content

fix(rss/atom): sanitize enclosure URLs containing &#228

Merged
jpmonette merged 2 commits into
jpmonette:masterfrom
chick-p:fix/sanitize-enclosure-url
Apr 19, 2026
Merged

fix(rss/atom): sanitize enclosure URLs containing &#228
jpmonette merged 2 commits into
jpmonette:masterfrom
chick-p:fix/sanitize-enclosure-url

Conversation

@chick-p

@chick-p chick-p commented Oct 6, 2025

Copy link
Copy Markdown
Contributor

Fixes #227.

@jpmonette

jpmonette commented Jan 11, 2026

Copy link
Copy Markdown
Owner

@chick-p Thanks for the contribution. Could you provide some simple tests for this please?

@Greenheart

Greenheart commented Jan 12, 2026

Copy link
Copy Markdown
Contributor

@chick-p I can't edit the git branch directly, but here are some ideas for minimal tests:

The example from the issue could be added as two new test cases - one for RSS and another for Atom:

Invalid:

<enclosure url="https://example.com/hello&world.png" />

Should be sanitized into this:

<enclosure url="https://example.com/hello&amp;world.png" />

These examples could be wrapped in minimal XML and RSS files to represent full test cases.

  • Test URL sanitization for RSS
  • Test URL sanitization for Atom

@chick-p chick-p force-pushed the fix/sanitize-enclosure-url branch from eaaeb29 to 1aafed9 Compare January 12, 2026 11:57
@chick-p

chick-p commented Jan 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor Author

@jpmonette @Greenheart
Thank you for the suggestion!
I've added tests to ensure that enclosure URLs containing & are properly sanitized in both RSS and Atom outputs.
If you have any other feedback or requests, please let me know.

Greenheart
Greenheart approved these changes Jan 12, 2026
View reviewed changes

@Greenheart Greenheart left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding the tests! This looks good :)

@jpmonette jpmonette merged commit fcc8900 into jpmonette:master Apr 19, 2026
@drinconbinwus

drinconbinwus commented Jun 10, 2026

Copy link
Copy Markdown

Hey, sorry to bring up an already merged PR, just wondering if there is a timeline for this landing on a release? The 5.2.1 version does not seem to include this fix from what i can see. I currently have a patch with the contents of this PR, but it would be nice to have it on a proper release to drop the patch :)

@drinconbinwus drinconbinwus mentioned this pull request Jun 10, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Greenheart Greenheart Greenheart approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Enclosure URLs with & are not properly escaped in XML output

4 participants

@chick-p @jpmonette @Greenheart @drinconbinwus