Do not HTML-Escape non-html AtomEntity.Content


The implementation of AtomContent.WriteTo() uses System.Xml.XmlWriter.WriteString(), which HTML-escapes certain characters (as described in MSDN: http://msdn.microsoft.com/en-us/library/system.xml.xmlwriter.writestring.aspx). But if the content type is not an html/xhtml MIME type, it should not be escaped (see Section of RFC 4287 [the Atom Syndication Spec]). Attached is sample code.

file attachments


IanMayo wrote Sep 23, 2008 at 3:12 PM

I'd like to increase the impact of this issue please, since it represents a failure to comply with the Atom spec.

From looking at the code is appears that the following fix is required:
  • identify whether the type of the entry content requires html-escapes
  • use plain writer/html-escaping writer as required

wrote Oct 27, 2009 at 10:44 AM

wrote Nov 13, 2009 at 9:14 AM

wrote Dec 6, 2009 at 11:25 PM

wrote Feb 14, 2013 at 7:26 PM