4
Vote

Do not HTML-Escape non-html AtomEntity.Content

description

The implementation of AtomContent.WriteTo() uses System.Xml.XmlWriter.WriteString(), which HTML-escapes certain characters (as described in MSDN: http://msdn.microsoft.com/en-us/library/system.xml.xmlwriter.writestring.aspx). But if the content type is not an html/xhtml MIME type, it should not be escaped (see Section 4.1.3.1 of RFC 4287 [the Atom Syndication Spec]). Attached is sample code.

file attachments

comments

IanMayo wrote Sep 23, 2008 at 3:12 PM

Hi,
I'd like to increase the impact of this issue please, since it represents a failure to comply with the Atom spec.

From looking at the code is appears that the following fix is required:
  • identify whether the type of the entry content requires html-escapes
  • use plain writer/html-escaping writer as required
cheers,
Ian.