Fix release notes escaping #774

Merged
caesay merged 3 commits into develop from pr-758
Feb 23, 2026

caesay commented Feb 23, 2026

Closes #666
Closes #758

James LaPenn and others added 3 commits February 23, 2026 00:26
Release notes containing XML special characters (specifically ampersands)
would cause System.Xml.XmlException during package creation when the
nuspec file was parsed.

This fix ensures all release notes content is properly escaped using
SecurityElement.Escape() before being added to the nuspec XML. For any
content that remains invalid after escaping, it falls back to CDATA
wrapping with proper handling of ]]> sequences.

Added comprehensive unit tests that validate the escaping logic works
correctly for all problematic content including XML chars, unicode,
control characters, CDATA-like sequences, and very long content.

Fixes #666

Previous approach used SecurityElement.Escape() which converted special
characters like & to &amp;, < to &lt;, etc. This caused content to be
altered when round-tripped through the package - users would see &amp;
instead of & in their release notes.

CDATA treats all content as literal text, so no escaping is needed.
Only special case is ]]> which terminates CDATA - split it into
]]]]><![CDATA[> to preserve the sequence.

- Remove SecurityElement.Escape() from PackageBuilder.addMetadata()
- Always wrap content in CDATA
- Add unit tests verifying ]]> preservation and no double-escaping
- Fixes #666
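
The round-trip behaviour the two commit messages describe, as an added example that is not code from this PR or the project: Python's `xml.sax.saxutils.escape` stands in for `SecurityElement.Escape()`, and `wrap_cdata`, `nuspec_fragment`, `read_notes`, `compare_strategies` and the sample notes are hypothetical names and constructed data. Escaping before a CDATA wrap is shown as one way the altered text can arise, which is an assumption rather than something taken from the project's code.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape  # stand-in for SecurityElement.Escape()

# Constructed sample release notes: ampersand, angle brackets and a CDATA terminator.
SAMPLE = "Q&A fix; literal ]]> survives & so does <tag>"

def wrap_cdata(text: str) -> str:
    """Wrap text in CDATA, splitting each ']]>' across two sections."""
    return "<![CDATA[" + text.replace("]]>", "]]]]><![CDATA[>") + "]]>"

def nuspec_fragment(notes_markup: str) -> str:
    """Hypothetical minimal nuspec-like document; not the project's template."""
    return ("<package><metadata><releaseNotes>" + notes_markup +
            "</releaseNotes></metadata></package>")

def read_notes(xml_text: str):
    """Parse the document and return the release notes, or None if malformed."""
    try:
        return ET.fromstring(xml_text).findtext("metadata/releaseNotes")
    except ET.ParseError:
        return None

def compare_strategies(notes: str) -> dict:
    """Return what a reader of the package sees under each strategy."""
    return {
        # Raw insertion: the bare '&' makes the document unparseable.
        "raw": read_notes(nuspec_fragment(notes)),
        # CDATA without the split: the first ']]>' ends the section early.
        "naive_cdata": read_notes(nuspec_fragment("<![CDATA[" + notes + "]]>")),
        # Escaping and then wrapping: parses, but entities become literal text.
        "escaped_in_cdata": read_notes(nuspec_fragment(wrap_cdata(escape(notes)))),
        # CDATA with the split: parses and round-trips unchanged.
        "split_cdata": read_notes(nuspec_fragment(wrap_cdata(notes))),
        # CDATA cannot carry characters XML 1.0 forbids, such as vertical tab.
        "control_char": read_notes(nuspec_fragment(wrap_cdata("a\x0bb"))),
    }

if __name__ == "__main__":
    for name, seen in compare_strategies(SAMPLE).items():
        print(f"{name:17} -> {seen!r}")
```

The `control_char` case shows that CDATA wrapping alone does not make every string storable: characters outside the XML 1.0 character range still have to be stripped or rejected before wrapping.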

codecov bot commented Feb 23, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 43.28%. Comparing base (60449e9) to head (35a3a5e).
⚠️ Report is 3 commits behind head on develop.

Additional details and impacted files
@@             Coverage Diff             @@
##           develop     #774      +/-   ##
===========================================
+ Coverage    42.76%   43.28%   +0.51%     
===========================================
  Files          258      258              
  Lines        19532    19590      +58     
  Branches      2122     2122              
===========================================
+ Hits          8353     8479     +126     
+ Misses       10798    10722      -76     
- Partials       381      389       +8     

caesay merged commit 828e3c8 into develop Feb 23, 2026
58 checks passed
caesay deleted the pr-758 branch February 23, 2026 00:49
Development

Successfully merging this pull request may close these issues.

System.Xml.XmlException when release notes contain an ampersand