Channel description of RSS feeds is double-escaped

So it should be &, correct?

See https://www.w3.org/TR/REC-xml/#dt-chardata

What I found when trying to reproduce this issue is that Views outputs <channel><description>Training &amp;amp; Events</description></channel> as the feed description.

However, it is recommended to output <channel><description>Training &amp; Events</description></channel>

My interpretation of what the feed validator is saying is that it's recommended that a feed description be semantically considered to be plain text, and thus a user-entered feed description should be encoded once to be rendered in the feed description XML element: <channel><description>Training &amp; Events</description></channel>

An item description, on the other hand, could be semantically considered to be markup, thus a user-entered item description would be encoded once to render valid markup from the entered text, and a second time to be rendered in the item description XML element: <item><description>Training &amp;amp; Events</description></item>

This does seem to be pretty heavily related to 🐛 [10.2 regression] RSS feeds invalid due to   Fixed after all, although it's a separate bug in the same code.

It appears that \Drupal\Core\EventSubscriber\RssResponseRelativeUrlFilter::transformRootRelativeUrlsToAbsolute() is operating on channel description elements, but it should not, as these are considered to be human-readable plain text. It should only be operating on item description elements, which are considered to be markup.

@OMD can you test my attempted fix in MR 6842? If it resolves the warning then we can update issue summary, add a test and reroll as a merge request on 11.x branch.

The & is being escaped twice?

@cilefen Yes, that's what I found when trying to reproduce the issue. If we confirm that the issue is basically the opposite of the title then I will update it :)

Added unit test coverage for & in channel description element.

From reading the issue summary provided I believe @mfb you were correct in your assumption.

So can the issue summary be updated to match. Also MR should probably be pointed to 11.x

Thanks.

Thanks @mfb!

Ran the test-only feature here https://git.drupalcode.org/issue/drupal-3424768/-/jobs/983276 which showed the test failure.

The change to the loop makes sense and fixes the issue following the scenario described.

The findings here match with the comment in template_preprocess_views_view_rss():

  // The RSS 2.0 "spec" doesn't indicate HTML can be used in the description.
  // We strip all HTML tags, but need to prevent double encoding from properly
  // escaped source data (such as &amp becoming &).
  $variables['description'] = Html::decodeEntities(strip_tags($style->getDescription()));

Committed and pushed e8db570e86 to 11.x and 3ff7664833 to 10.3.x and e851b33905 to 10.2.x. Thanks!

longwave → closed merge request !6842

Automatically closed - issue fixed for 2 weeks with no activity.