html unescape name strings from the index

This seems like a bug of some sort in fdroidserver; there's no apparent reason why these names should contain HTML escape sequences. The name fields are plaintext strings, so it's not like they can contain any HTML elements. One possible explanation is how fdroidserver obtains these strings from the built APKs. Since the information is inside xml files, perhaps the code is buggy and doesn't unescape the strings before using them for the index. For now, do the unescaping on the client side.
7 years ago · cdbe2009a2
2 changed files with 15 additions and 0 deletions
--- a/fdroid/index.go
+++ b/fdroid/index.go
@ -7,6 +7,7 @@ import (
 	"encoding/json"
 	"encoding/xml"
 	"fmt"
+	"html"
 	"io"
 	"sort"
 	"strings"
@ -272,6 +273,10 @@ func LoadIndexJSON(r io.Reader) (*Index, error) {
 		if !enOK {
 			english, enOK = app.Localized["en-US"]
 		}
+
+		// TODO: why does the json index contain html escapes?
+		app.Name = html.UnescapeString(app.Name)
+
 		if app.Summary == "" && enOK {
 			app.Summary = english.Summary
 		}
@ -284,6 +289,10 @@ func LoadIndexJSON(r io.Reader) (*Index, error) {
 			apk := &index.Packages[app.PackageName][i]
 			apk.AppID = app.PackageName
 			apk.RepoURL = index.Repo.Address
+
+			// TODO: why does the json index contain html escapes?
+			apk.VersName = html.UnescapeString(apk.VersName)
+
 			app.Apks = append(app.Apks, apk)
 		}
 	}
--- a/testdata/scripts/show.txt
+++ b/testdata/scripts/show.txt
@ -9,3 +9,9 @@ stdout 'fdroid/fdroidclient'
 fdroidcl show org.fdroid.fdroid org.fdroid.fdroid.privileged
 stdout 'fdroid/fdroidclient'
 stdout 'fdroid/privileged-extension'
+
+fdroidcl show org.pocketworkstation.pckeyboard info.metadude.android.bitsundbaeume.schedule
+! stdout '&apos'
+! stdout '&amp'
+stdout 'Name.*Hacker''s Keyboard'
+stdout 'Version.*Bits & Bäume'