Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

new - Escape illegal XML characters that would be passed into the nuspec #1534

Open
SolidKnight opened this issue Apr 4, 2018 · 4 comments · May be fixed by #2175
Open

new - Escape illegal XML characters that would be passed into the nuspec #1534

SolidKnight opened this issue Apr 4, 2018 · 4 comments · May be fixed by #2175
Assignees
@rpolley
Labels
3 - Review Improvement Priority_LOW Up For Grabs
Milestone
Future

Comments

@SolidKnight
Copy link

What You Are Seeing?

choco new permits illegal XML characters to be passed into the .nuspec file which can prevent choco pack from succeeding.

What is Expected?

It should either reject the input or correct it automatically--the later being nicer option when setting the title to the software's display name automatically/with helper tools.

In my specific situation, my package names are CLI friendly and follow a predictable scheme while the title is set to match the package's name as it appears in Programs and Features. Some of the names contain characters such as &. The behavior of choco new places the burden on the toolmaker for sanitizing input.

How Did You Get This To Happen? (Steps to Reproduce)

Pass in an illegal XML character into the title element with choco new.
choco new A^&B using CMD
It lets you despite how that will not be able to be packaged.

Or directly edit the .nuspec as such

<title>Veeam Backup & Replication Console</title>

Execute choco pack ...

An error occurred while parsing EntityName. Line 37, position 26.
or
'<' is an unexpected token. The expected token is ';'. Line 25, position 12.
@ferventcoder
Copy link
Member

I think correcting it would be nice, definitely. We are unlikely to constrain the tool though, if that makes sense. If you want to pass in things or do things that we necessarily wouldn't recommend, that's up to the consumer, not necessarily the software vendor.

@ferventcoder ferventcoder added this to the 0.10.x milestone Apr 4, 2018
@ferventcoder
Copy link
Member

I've marked this up for grabs, so if you or anyone else wants to take a stab at it, we'd be up for taking that PR.

@ferventcoder ferventcoder changed the title choco new permits illegal XML characters to be passed into the .nuspec file new - Escape illegal XML characters that would be passed into the nuspec Apr 4, 2018
@ferventcoder
Copy link
Member

I've updated the title to reflect this.

@ferventcoder ferventcoder mentioned this issue Apr 17, 2018
Closed
@rpolley
Copy link

rpolley commented Jan 9, 2021

Going to take a stab at this.

@rpolley rpolley linked a pull request Jan 13, 2021 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rpolley rpolley

Labels
3 - Review Improvement Priority_LOW Up For Grabs
Projects
None yet
Milestone
Future
Development

Successfully merging a pull request may close this issue.

(#1534) Escape illegal xml characters when using choco new rpolley/choco
4 participants
@ferventcoder @rpolley @SolidKnight @TheCakeIsNaOH