Skip to content

Commit

Permalink
(chocolatey#27) Escape PackageProperties elements
Browse files Browse the repository at this point in the history
On .Net fx, the PackageProperties elements have xml special chars
escaped. On Mono, they do not get escaped. mono/mono#21227

In the process of reading the nuspec metadata, escaped chars like "<"
get converted back into what they represent, for example "<". This is
not an issue on Windows, but is it an issue on Mono.

This manually escapes xml special chars from the PackageProperties
strings. The id and version are not escaped, as they cannot contain xml
special chars in the first place.
  • Loading branch information
TheCakeIsNaOH committed Sep 29, 2021
1 parent 4c6bbc9 commit 4903842
Showing 1 changed file with 7 additions and 6 deletions.
13 changes: 7 additions & 6 deletions src/Core/Authoring/PackageBuilder.cs
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
using System.IO;
using System.IO.Packaging;
using System.Linq;
using System.Security;
using NuGet.Resources;

namespace NuGet
Expand Down Expand Up @@ -302,14 +303,14 @@ public void Save(Stream stream)
WriteFiles(package);

// Copy the metadata properties back to the package
package.PackageProperties.Creator = String.Join(",", Authors);
package.PackageProperties.Description = Description;
package.PackageProperties.Creator = SecurityElement.Escape(String.Join(",", Authors));
package.PackageProperties.Description = SecurityElement.Escape(Description);
package.PackageProperties.Identifier = Id;
package.PackageProperties.Version = Version.ToString();
package.PackageProperties.Language = Language;
package.PackageProperties.Keywords = ((IPackageMetadata)this).Tags;
package.PackageProperties.Title = Title;
package.PackageProperties.LastModifiedBy = CreatorInfo();
package.PackageProperties.Language = SecurityElement.Escape(Language);
package.PackageProperties.Keywords = SecurityElement.Escape(((IPackageMetadata)this).Tags);
package.PackageProperties.Title = SecurityElement.Escape(Title);
package.PackageProperties.LastModifiedBy = SecurityElement.Escape(CreatorInfo());
}
}

Expand Down

0 comments on commit 4903842

Please sign in to comment.