Sanitizing XML feeds (#125)

* Sanitizing XML feeds

* Adding missing things from previous commit and also support for image with more data

* Fix RSS ignoring item.id (#105)

* Change id to a guid

This improves the tests. It also replicates #96.

* Fix RSS ignoring item.id

Fixes #96 with the code that KnicKnic suggested

* Bump lodash from 4.17.11 to 4.17.15 (#106)

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.15.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.11...4.17.15)

Signed-off-by: dependabot[bot] <support@github.com>

* Create FUNDING.yml

* Bump handlebars from 4.1.2 to 4.5.3 (#110)

Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.1.2 to 4.5.3.
- [Release notes](https://github.com/wycats/handlebars.js/releases)
- [Changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.1.2...v4.5.3)

Signed-off-by: dependabot[bot] <support@github.com>

* Item category for all feed types (#109)

* Item category for all feed types.

* updated version

* use rimraf instead of rm -rf for dev purposes.

* Bump to 4.1.0

* Bump acorn from 5.7.3 to 5.7.4 (#116)

Bumps [acorn](https://github.com/acornjs/acorn) from 5.7.3 to 5.7.4.
- [Release notes](https://github.com/acornjs/acorn/releases)
- [Commits](acornjs/acorn@5.7.3...5.7.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat: 🎸 add mandatory rss2 attributes on enclosure (#120)

Co-authored-by: Decebal Dobrica <decebal.dobrica@tellimer.com>

* fix: 🐛 atom link needs to point to self (#122)

✅ Closes: 113

Co-authored-by: Decebal Dobrica <decebal.dobrica@tellimer.com>

* Update dependencies + Formatting + Add Comments (#123)

* Update dependencies

* Update formating

* Add comments

* Bump to 4.2.0

Co-authored-by: Karl Ravn <karl.ravn@schibsted.com>
Co-authored-by: Joseph Dykstra <josephdykstra@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jean-Philippe Monette <jpmonette@users.noreply.github.com>
Co-authored-by: mattimbrain <matti.kaivanto@m-brain.com>
Co-authored-by: Jean-Philippe Monette <contact@jpmonette.net>
Co-authored-by: Decebal Dobrica <decebal.dobrica@tellimer.com>

src/__tests__/__snapshots__/atom1.spec.ts.snap

@@ -10,7 +10,7 @@ exports[`atom 1.0 should generate a valid feed 1`] = `
     <author>
         <name>John Doe</name>
         <email>johndoe@example.com</email>
-        <uri>https://example.com/johndoe</uri>
+        <uri>https://example.com/johndoe?link=sanitized&amp;value=2</uri>
     </author>
     <link rel=\\"alternate\\" href=\\"http://example.com/\\"/>
     <link rel=\\"self\\" href=\\"http://example.com/sampleFeed.rss\\"/>
@@ -27,15 +27,15 @@ exports[`atom 1.0 should generate a valid feed 1`] = `
     </contributor>
     <entry>
         <title type=\\"html\\"><![CDATA[Hello World]]></title>
-        <id>419c523a-28f4-489c-877e-9604be64c002</id>
-        <link href=\\"https://example.com/hello-world\\"/>
+        <id>https://example.com/hello-world?id=this&amp;that=true</id>
+        <link href=\\"https://example.com/hello-world?link=sanitized&amp;value=2\\"/>
         <updated>2013-07-13T23:00:00.000Z</updated>
         <summary type=\\"html\\"><![CDATA[This is an article about Hello World.]]></summary>
         <content type=\\"html\\"><![CDATA[Content of my item]]></content>
         <author>
             <name>Jane Doe</name>
             <email>janedoe@example.com</email>
-            <uri>https://example.com/janedoe</uri>
+            <uri>https://example.com/janedoe?link=sanitized&amp;value=2</uri>
         </author>
         <author>
             <name>Joe Smith</name>

src/__tests__/__snapshots__/json.spec.ts.snap

@@ -10,25 +10,25 @@ exports[`json 1 should generate a valid feed 1`] = `
     \\"icon\\": \\"http://example.com/image.png\\",
     \\"author\\": {
         \\"name\\": \\"John Doe\\",
-        \\"url\\": \\"https://example.com/johndoe\\"
+        \\"url\\": \\"https://example.com/johndoe?link=sanitized&value=2\\"
     },
     \\"_example_extension\\": {
         \\"about\\": \\"just an extension example\\",
         \\"dummy\\": \\"example\\"
     },
     \\"items\\": [
         {
-            \\"id\\": \\"419c523a-28f4-489c-877e-9604be64c002\\",
+            \\"id\\": \\"https://example.com/hello-world?id=this&that=true\\",
             \\"content_html\\": \\"Content of my item\\",
-            \\"url\\": \\"https://example.com/hello-world\\",
+            \\"url\\": \\"https://example.com/hello-world?link=sanitized&value=2\\",
             \\"title\\": \\"Hello World\\",
             \\"summary\\": \\"This is an article about Hello World.\\",
             \\"image\\": \\"https://example.com/hello-world.jpg\\",
             \\"date_modified\\": \\"2013-07-13T23:00:00.000Z\\",
             \\"date_published\\": \\"2013-07-10T23:00:00.000Z\\",
             \\"author\\": {
                 \\"name\\": \\"Jane Doe\\",
-                \\"url\\": \\"https://example.com/janedoe\\"
+                \\"url\\": \\"https://example.com/janedoe?link=sanitized&value=2\\"
             },
             \\"tags\\": [
                 \\"Grateful Dead\\",

src/__tests__/__snapshots__/rss2.spec.ts.snap

@@ -22,8 +22,8 @@ exports[`rss 2.0 should generate a valid feed 1`] = `
         <atom:link href=\\"wss://example.com/\\" rel=\\"hub\\"/>
         <item>
             <title><![CDATA[Hello World]]></title>
-            <link>https://example.com/hello-world</link>
-            <guid>419c523a-28f4-489c-877e-9604be64c002</guid>
+            <link>https://example.com/hello-world?link=sanitized&amp;value=2</link>
+            <guid>https://example.com/hello-world?id=this&amp;that=true</guid>
             <pubDate>Wed, 10 Jul 2013 23:00:00 GMT</pubDate>
             <description><![CDATA[This is an article about Hello World.]]></description>
             <content:encoded><![CDATA[Content of my item]]></content:encoded>
@@ -59,8 +59,8 @@ exports[`rss 2.0 should generate a valid feed with audio 1`] = `
         <atom:link href=\\"wss://example.com/\\" rel=\\"hub\\"/>
         <item>
             <title><![CDATA[Hello World]]></title>
-            <link>https://example.com/hello-world</link>
-            <guid>419c523a-28f4-489c-877e-9604be64c002</guid>
+            <link>https://example.com/hello-world?link=sanitized&amp;value=2</link>
+            <guid>https://example.com/hello-world?id=this&amp;that=true</guid>
             <pubDate>Wed, 10 Jul 2013 23:00:00 GMT</pubDate>
             <description><![CDATA[This is an article about Hello World.]]></description>
             <content:encoded><![CDATA[Content of my item]]></content:encoded>
@@ -135,8 +135,8 @@ exports[`rss 2.0 should generate a valid feed with enclosure 1`] = `
         <atom:link href=\\"wss://example.com/\\" rel=\\"hub\\"/>
         <item>
             <title><![CDATA[Hello World]]></title>
-            <link>https://example.com/hello-world</link>
-            <guid>419c523a-28f4-489c-877e-9604be64c002</guid>
+            <link>https://example.com/hello-world?link=sanitized&amp;value=2</link>
+            <guid>https://example.com/hello-world?id=this&amp;that=true</guid>
             <pubDate>Wed, 10 Jul 2013 23:00:00 GMT</pubDate>
             <description><![CDATA[This is an article about Hello World.]]></description>
             <content:encoded><![CDATA[Content of my item]]></content:encoded>
@@ -198,8 +198,8 @@ exports[`rss 2.0 should generate a valid feed with image properties 1`] = `
         <atom:link href=\\"wss://example.com/\\" rel=\\"hub\\"/>
         <item>
             <title><![CDATA[Hello World]]></title>
-            <link>https://example.com/hello-world</link>
-            <guid>419c523a-28f4-489c-877e-9604be64c002</guid>
+            <link>https://example.com/hello-world?link=sanitized&amp;value=2</link>
+            <guid>https://example.com/hello-world?id=this&amp;that=true</guid>
             <pubDate>Wed, 10 Jul 2013 23:00:00 GMT</pubDate>
             <description><![CDATA[This is an article about Hello World.]]></description>
             <content:encoded><![CDATA[Content of my item]]></content:encoded>

src/__tests__/setup.ts

@@ -23,8 +23,8 @@ export const sampleFeed = new Feed({
   author: {
     name: "John Doe",
     email: "johndoe@example.com",
-    link: "https://example.com/johndoe",
-  },
+    link: "https://example.com/johndoe?link=sanitized&value=2"
+  }
 });
 
 sampleFeed.addCategory("Technology");
@@ -37,15 +37,15 @@ sampleFeed.addContributor({
 
 sampleFeed.addItem({
   title: "Hello World",
-  id: "419c523a-28f4-489c-877e-9604be64c002",
-  link: "https://example.com/hello-world",
+  id: "https://example.com/hello-world?id=this&that=true",
+  link: "https://example.com/hello-world?link=sanitized&value=2",
   description: "This is an article about Hello World.",
   content: "Content of my item",
   author: [
     {
       name: "Jane Doe",
       email: "janedoe@example.com",
-      link: "https://example.com/janedoe",
+      link: "https://example.com/janedoe?link=sanitized&value=2"
     },
     {
       name: "Joe Smith",

src/__tests__/utils.spec.ts

@@ -0,0 +1,15 @@
+import { sanitize } from "../utils";
+
+describe("Sanitizing", () => {
+  it("should sanitize & to &", () => {
+    expect('&').toEqual(sanitize('&'));
+  });
+  it("should handle multiple &", () => {
+    expect('https://test.com/?page=1&size=3&length=10').toEqual(sanitize('https://test.com/?page=1&size=3&length=10'));
+  });
+
+  it("should handle undefined", () => {
+    var undefined;
+    expect(sanitize(undefined)).toBeUndefined();
+  });
+});

src/atom1.ts

@@ -2,6 +2,7 @@ import * as convert from "xml-js";
 import { generator } from "./config";
 import { Feed } from "./feed";
 import { Author, Category, Item } from "./typings";
+import { sanitize } from "./utils";
 
 /**
  * Returns an Atom feed
@@ -17,8 +18,8 @@ export default (ins: Feed) => {
       id: options.id,
       title: options.title,
       updated: options.updated ? options.updated.toISOString() : new Date().toISOString(),
-      generator: options.generator || generator,
-    },
+      generator: sanitize(options.generator || generator)
+    }
   };
 
   if (options.author) {
@@ -29,19 +30,19 @@ export default (ins: Feed) => {
 
   // link (rel="alternate")
   if (options.link) {
-    base.feed.link.push({ _attributes: { rel: "alternate", href: options.link } });
+    base.feed.link.push({ _attributes: { rel: "alternate", href: sanitize(options.link) } });
   }
 
   // link (rel="self")
-  const atomLink = options.feed || (options.feedLinks && options.feedLinks.atom);
+  const atomLink = sanitize(options.feed || (options.feedLinks && options.feedLinks.atom));
 
   if (atomLink) {
-    base.feed.link.push({ _attributes: { rel: "self", href: atomLink } });
+    base.feed.link.push({ _attributes: { rel: "self", href: sanitize(atomLink) } });
   }
 
   // link (rel="hub")
   if (options.hub) {
-    base.feed.link.push({ _attributes: { rel: "hub", href: options.hub } });
+    base.feed.link.push({ _attributes: { rel: "hub", href: sanitize(options.hub) } });
   }
 
   /**************************************************************************
@@ -90,9 +91,9 @@ export default (ins: Feed) => {
 
     let entry: convert.ElementCompact = {
       title: { _attributes: { type: "html" }, _cdata: item.title },
-      id: item.id || item.link,
-      link: [{ _attributes: { href: item.link } }],
-      updated: item.date.toISOString(),
+      id: sanitize(item.id || item.link),
+      link: [{ _attributes: { href: sanitize(item.link) } }],
+      updated: item.date.toISOString()
     };
 
     //
@@ -175,7 +176,7 @@ const formatAuthor = (author: Author) => {
   return {
     name,
     email,
-    uri: link,
+    uri: sanitize(link)
   };
 };
 

src/rss2.ts

@@ -2,6 +2,7 @@ import * as convert from "xml-js";
 import { generator } from "./config";
 import { Feed } from "./feed";
 import { Author, Category, Enclosure, Item } from "./typings";
+import { sanitize } from "./utils";
 
 /**
  * Returns a RSS 2.0 feed
@@ -17,7 +18,7 @@ export default (ins: Feed) => {
       _attributes: { version: "2.0" },
       channel: {
         title: { _text: options.title },
-        link: { _text: options.link },
+        link: { _text: sanitize(options.link) },
         description: { _text: options.description },
         lastBuildDate: { _text: options.updated ? options.updated.toUTCString() : new Date().toUTCString() },
         docs: { _text: options.docs ? options.docs : "https://validator.w3.org/feed/docs/rss2.html" },
@@ -50,7 +51,7 @@ export default (ins: Feed) => {
     base.rss.channel.image = {
       title: { _text: options.title },
       url: { _text: options.image },
-      link: { _text: options.link },
+      link: { _text: sanitize(options.link) }
     };
   }
 
@@ -83,7 +84,7 @@ export default (ins: Feed) => {
     base.rss.channel["atom:link"] = [
       {
         _attributes: {
-          href: atomLink,
+          href: sanitize(atomLink),
           rel: "self",
           type: "application/rss+xml",
         },
@@ -102,9 +103,9 @@ export default (ins: Feed) => {
     }
     base.rss.channel["atom:link"] = {
       _attributes: {
-        href: options.hub,
-        rel: "hub",
-      },
+        href: sanitize(options.hub),
+        rel: "hub"
+      }
     };
   }
 
@@ -122,15 +123,15 @@ export default (ins: Feed) => {
     }
 
     if (entry.link) {
-      item.link = { _text: entry.link };
+      item.link = { _text: sanitize(entry.link) };
     }
 
     if (entry.guid) {
       item.guid = { _text: entry.guid };
     } else if (entry.id) {
       item.guid = { _text: entry.id };
     } else if (entry.link) {
-      item.guid = { _text: entry.link };
+      item.guid = { _text: sanitize(entry.link) };
     }
 
     if (entry.date) {
@@ -173,7 +174,7 @@ export default (ins: Feed) => {
     }
 
     /**
-     * Item Category
+     * Item Enclosure
      * https://validator.w3.org/feed/docs/rss2.html#ltenclosuregtSubelementOfLtitemgt
      */
     if (entry.enclosure) {

src/utils.ts

@@ -0,0 +1,6 @@
+export function sanitize(url: String | undefined): String | undefined {
+  if (typeof (url) === 'undefined') {
+    return;
+  }
+  return url.replace(/&/g, '&');
+}