From 178c01d2fa12fe8b0676e1676d0d40613f167c69 Mon Sep 17 00:00:00 2001
From: Matthias Klumpp
Date: Wed, 13 May 2020 21:45:32 +0200
Subject: [PATCH] Properly escape markup when fixing invalid description data

This resolves https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960491 and possibly more issues when AppStream was fed broken metainfo files.
---
 src/as-xml.c | 26 +++++++++++++++-----------
 src/as-xml.h | 2 +-
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/src/as-xml.c b/src/as-xml.c
index 962bdf9a..1935e37b 100644
--- a/src/as-xml.c
+++ b/src/as-xml.c
@@ -112,10 +112,10 @@ as_xml_dump_node (xmlNode *node, gchar **content, gssize *len)
 }

 /**
- * as_xml_dump_node_content:
+ * as_xml_dump_node_content_raw:
 */
 gchar*
-as_xml_dump_node_content (xmlNode *node)
+as_xml_dump_node_content_raw (xmlNode *node)
 {
 g_autofree gchar *content = NULL;
 gchar *tmp;
@@ -170,10 +170,10 @@ as_xml_dump_node_children (xmlNode *node)
 }

 /**
- * as_xml_dump_desc_para_node_content:
+ * as_xml_dump_desc_para_node_content_raw:
 */
 static gchar*
-as_xml_dump_desc_para_node_content (xmlNode *node)
+as_xml_dump_desc_para_node_content_raw (xmlNode *node)
 {
 gboolean is_valid_markup = TRUE;

@@ -198,11 +198,15 @@ as_xml_dump_desc_para_node_content (xmlNode *node)
 * was deemed valid. Otherwise we will just try to dump any string content, and hope
 * people call the validator on their files to see that their metadata is broken.
 * TODO: Parse the data properly, and remove only the bad nodes on error, if libxml permits
- * that somehow? */
- if (is_valid_markup)
- return as_xml_dump_node_content (node);
- else
- return as_xml_get_node_value (node);
+ * that in an efficient way? */
+ if (G_LIKELY (is_valid_markup)) {
+ return as_xml_dump_node_content_raw (node);
+ } else {
+ g_autofree gchar *tmp = as_xml_get_node_value (node);
+ if (G_UNLIKELY (tmp == NULL))
+ return NULL;
+ return g_markup_escape_text (tmp, -1);
+ }
 }

 /**
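Review bot: The `_raw` suffix given to as_xml_dump_desc_para_node_content_raw now contradicts its fallback branch, which returns `g_markup_escape_text (tmp, -1)` rather than raw text, and the doc comment above the function is still only its name. The call sites in the later hunks splice the result into markup through `%s`, so the contract should be written down, for example ` * Returns: (transfer full): a markup-safe fragment (raw XML if the children passed validation, escaped text otherwise), or %NULL.` The raw branch is only as trustworthy as the `is_valid_markup` check, which starts outside this hunk, so it is worth confirming that the check also covers nested elements, since whatever it accepts is emitted unescaped. The diffstat lists only src/as-xml.c and src/as-xml.h, so a regression test that feeds a description paragraph with invalid child markup would pin the new escaping.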
@@ -405,7 +409,7 @@ as_xml_parse_metainfo_description_node (AsContext *ctx, xmlNode *node, GHFunc fu
 g_hash_table_insert (desc, g_strdup (lang), str);
 }

- content = as_xml_dump_desc_para_node_content (iter);
+ content = as_xml_dump_desc_para_node_content_raw (iter);
 if (content != NULL)
 g_string_append_printf (str, "

%s

\n", content);

@@ -443,7 +447,7 @@ as_xml_parse_metainfo_description_node (AsContext *ctx, xmlNode *node, GHFunc fu
 g_hash_table_insert (desc, g_strdup (lang), str);
 }

- content = as_xml_dump_desc_para_node_content (iter2);
+ content = as_xml_dump_desc_para_node_content_raw (iter2);
 if (content != NULL)
 g_string_append_printf (str, " <%s>%s\n", (gchar*) iter2->name, content, (gchar*) iter2->name);
 }
diff --git a/src/as-xml.h b/src/as-xml.h
index 50a38082..ff1efc56 100644
--- a/src/as-xml.h
+++ b/src/as-xml.h
@@ -53,7 +53,7 @@ void as_xml_parse_metainfo_description_node (AsContext *ctx,
 GHFunc func,
 gpointer entity);

-gchar *as_xml_dump_node_content (xmlNode *node);
+gchar *as_xml_dump_node_content_raw (xmlNode *node);
 gchar *as_xml_dump_node_children (xmlNode *node);

 void as_xml_add_description_node (AsContext *ctx,