From b6a6ee5c00deecaeea0483fa0827be39f8dd0bba Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@suse.de>
Date: Tue, 4 Apr 2023 14:35:24 +0200
Subject: [PATCH] Decode entities in HTTPError message body

---
 osc/_private/api.py | 13 +++++++++++++
 osc/babysitter.py   |  2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/osc/_private/api.py b/osc/_private/api.py
index d6e36787..0ab6993a 100644
--- a/osc/_private/api.py
+++ b/osc/_private/api.py
@@ -168,6 +168,19 @@ def xml_escape(string):
     return xml.sax.saxutils.escape(string, entities=entities)
 
 
+def xml_unescape(string):
+    """
+    Decode XML entities in the string.
+    """
+    entities = {
+        "&quot;": "\"",
+        "&apos;": "'",
+    }
+    if isinstance(string, bytes):
+        return xml.sax.saxutils.unescape(string.decode("utf-8"), entities=entities).encode("utf-8")
+    return xml.sax.saxutils.unescape(string, entities=entities)
+
+
 def xml_indent(root):
     """
     Indent XML so it looks pretty after printing or saving to file.
diff --git a/osc/babysitter.py b/osc/babysitter.py
index d1cc3932..8b2085ea 100644
--- a/osc/babysitter.py
+++ b/osc/babysitter.py
@@ -115,7 +115,7 @@ def run(prg, argv=None):
             if b'<summary>' in body:
                 msg = body.split(b'<summary>')[1]
                 msg = msg.split(b'</summary>')[0]
-                msg = _private.api.xml_escape(msg)
+                msg = _private.api.xml_unescape(msg)
                 print(decode_it(msg), file=sys.stderr)
         if e.code >= 500 and e.code <= 599:
             print(f'\nRequest: {e.filename}')