From b30c1db47c05c6f5454efc03ac07381b93324c59 Mon Sep 17 00:00:00 2001
From: Arthur Zamarin
Date: Tue, 16 Apr 2024 22:45:14 +0300
Subject: atom feeds: fix escaping of xml
Resolves: https://github.com/gentoo/soko/issues/24
Signed-off-by: Arthur Zamarin
---
 pkg/app/handler/feeds/changes.go | 3 ++-
 pkg/app/handler/feeds/packages.go | 3 ++-
 pkg/app/handler/maintainer/show.go | 3 ++-
 pkg/app/utils/stabilization.go | 4 ++--
 4 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/pkg/app/handler/feeds/changes.go b/pkg/app/handler/feeds/changes.go
index 39fd408..a4adcfa 100644
--- a/pkg/app/handler/feeds/changes.go
+++ b/pkg/app/handler/feeds/changes.go
@@ -2,6 +2,7 @@ package feeds
 import (
 "fmt"
+ "html"
 "net/http"
 "soko/pkg/models"
 "time"
@@ -29,7 +30,7 @@ func addFeedItems(f *feeds.Feed, versions []*models.Version) {
 item := &feeds.Item{
 Title: cpv,
 Link: &feeds.Link{Href: "https://packages.gentoo.org/package/" + version.Atom},
- Description: version.Description,
+ Description: html.EscapeString(version.Description),
 Author: &feeds.Author{Name: "unknown"},
 Created: time.Now(),
 }
diff --git a/pkg/app/handler/feeds/packages.go b/pkg/app/handler/feeds/packages.go
index d953af3..2186401 100644
--- a/pkg/app/handler/feeds/packages.go
+++ b/pkg/app/handler/feeds/packages.go
@@ -2,6 +2,7 @@ package feeds
 import (
 "fmt"
+ "html"
 "net/http"
 "soko/pkg/models"
 "time"
@@ -28,7 +29,7 @@ func addPackageFeedItems(f *feeds.Feed, gpackages []models.Package) {
 item := &feeds.Item{
 Title: gpackage.Atom,
 Link: &feeds.Link{Href: "https://packages.gentoo.org/package/" + gpackage.Atom},
- Description: gpackage.Longdescription,
+ Description: html.EscapeString(gpackage.Longdescription),
 Author: &feeds.Author{Name: "unknown"},
 Created: time.Now(),
 }
diff --git a/pkg/app/handler/maintainer/show.go b/pkg/app/handler/maintainer/show.go
index 2beb31c..c6262b1 100644
--- a/pkg/app/handler/maintainer/show.go
+++ b/pkg/app/handler/maintainer/show.go
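Review bot: The `html.EscapeString` call on `Description` in addFeedItems (pkg/app/handler/feeds/changes.go) carries no comment explaining why text that the XML encoder already escapes needs an HTML-level escape as well, so a later cleanup could remove it as redundant. Presumably the feed library publishes the item description as HTML content, which would make this escape the only thing keeping package-supplied text from being parsed as markup by a feed reader; that is inferred, not visible here. I would add above the field `// Description is published as HTML by the feed library; escape it so package text stays inert in readers.` The same comment fits the `Description` lines in addPackageFeedItems (packages.go) and StabilizationFeed (stabilization.go). All three functions start or end outside their hunks.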
@@ -2,6 +2,7 @@ package maintainer
 import (
 "encoding/json"
+ "html"
 "net/http"
 "soko/pkg/app/handler/packages/components"
 "soko/pkg/app/layout"
@@ -103,7 +104,7 @@ func ShowChangelogFeed(w http.ResponseWriter, r *http.Request) {
 for _, commit := range commits {
 feed.Add(&feeds.Item{
- Title: commit.Message,
+ Title: html.EscapeString(commit.Message),
 Updated: commit.CommitterDate,
 Created: commit.AuthorDate,
 Author: &feeds.Author{Name: commit.CommitterName, Email: commit.CommitterEmail},
diff --git a/pkg/app/utils/stabilization.go b/pkg/app/utils/stabilization.go
index 85a8111..8757440 100644
--- a/pkg/app/utils/stabilization.go
+++ b/pkg/app/utils/stabilization.go
@@ -3,12 +3,12 @@ package utils
 import (
 "encoding/json"
 "encoding/xml"
+ "html"
 "net/http"
 "soko/pkg/models"
 "strings"
 "time"
- "github.com/a-h/templ"
 "github.com/gorilla/feeds"
 )
@@ -77,7 +77,7 @@ func StabilizationFeed(w http.ResponseWriter, link, title string, results []*mod
 for _, pkgcheck := range results {
 feed.Add(&feeds.Item{
 Title: pkgcheck.CPV,
- Description: templ.EscapeString(pkgcheck.Message),
+ Description: html.EscapeString(pkgcheck.Message),
 Link: &feeds.Link{Href: "https://packages.gentoo.org/packages/" + pkgcheck.Atom, Type: "text/html", Rel: "alternate"},
 Id: pkgcheck.CPV,
 })
-- cgit v1.2.3-65-gdbad
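Review bot: Escaping `commit.Message` into `Title` in ShowChangelogFeed (pkg/app/handler/maintainer/show.go) may double-encode the title rather than protect it: an Atom title with no type attribute is plain text, and the XML encoder escapes character data when the feed is marshalled, so a message containing `&` or `<` would likely reach readers as a literal `&amp;` or `&lt;`. Whether that applies depends on how the feed library serialises `Title` and which format this handler emits, neither of which is visible in the hunk; the function continues beyond it. If the title is emitted as text, I would keep `Title: commit.Message,` and reserve `html.EscapeString` for fields published as HTML. A test that feeds a message such as `fix a < b && c` through the handler and checks the parsed title would settle it.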