From: "headius (Charles Nutter)" <noreply@...>
Date: 2022-03-16T17:18:52+00:00
Subject: [ruby-core:107923] [Ruby master Bug#16922] single quote should be escaped in xml

Issue #16922 has been updated by headius (Charles Nutter).

Backport changed from 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN to 2.5: UNKNOWN, 2.6: REQUIRED, 2.7: REQUIRED, 3.0: REQUIRED

Requesting backport to 2.6. JRuby runs the CRuby test suite and wants to fix the same issue, but the existing tests in ruby_2_6 branch fail.

----------------------------------------
Bug #16922: single quote should be escaped in xml
https://bugs.ruby-lang.org/issues/16922#change-96870

* Author: lisbethw1130 (Lisbeth Wu)
* Status: Closed
* Priority: Normal
* Assignee: akr (Akira Tanaka)
* ruby -v: ruby 2.6.3p62 (2019-04-16 revision 67580) [x86_64-darwin18]
* Backport: 2.5: UNKNOWN, 2.6: REQUIRED, 2.7: REQUIRED, 3.0: REQUIRED
----------------------------------------
This is Lisbeth from Taiwan. I'm trying to convert a string to xml by using 'string'.encode(xml: :attr) but single quote doesn't escape as expected
Here's the spec shows which character needs to be escaped: https://www.w3.org/TR/xml/#dt-escape

and I found a more clean table in sitemap spec: https://www.sitemaps.org/protocol.html#escaping
```
Ampersand 	& 	&amp;
Single Quote 	' 	&apos;
Double Quote 	" 	&quot;
Greater Than 	> 	&gt;
Less Than 	< 	&lt;
```

expected output:
> puts ':$+,;:=?@&\'"><'.encode(xml: :attr)
```
":$+,;:=?@&amp; **&apos;** &quot;&gt;&lt;"
```

real output:
> ```
> ":$+,;:=?@&amp; **'** &quot;&gt;&lt;"
> ```

Thanks for helping



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>