diff options
| author | Linnnus <linnnus@users.noreply.github.com> | 2024-11-14 14:09:23 +0100 |
|---|---|---|
| committer | Linnnus <linnnus@users.noreply.github.com> | 2024-12-23 12:29:20 +0100 |
| commit | d1cb670ee6473b1a2c8b072a30bc36736524a794 (patch) | |
| tree | c98659f1a0059bc20456abcdc86d3878d25c4fca /lib/generators.nix | |
| parent | jetbrains: 2024.2.2 -> 2024.2.5 (#355566) (diff) | |
| download | nixpkgs-d1cb670ee6473b1a2c8b072a30bc36736524a794.tar.gz | |
lib.generators.toPlist: escape XML syntax in strings & keys
Before this patch, code like this would break generate invalid XML:
lib.generators.toPlist {} "ab<cd"
That's obviously bad, since the call to toPlist often happens through
indirection, as is the case in e.g. the nix-darwin project. A user might
not realize that they have to escape the strings.
This patch adds the argument 'escape' to lib.generators.plist and emits
a warning if it is not set to true. In a future release, this behavior
should become the default.
I have also added a note for future maintainers, in case I forget to
actually remove the deprecated functionality in a future release.
Diffstat (limited to 'lib/generators.nix')
| -rw-r--r-- | lib/generators.nix | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/lib/generators.nix b/lib/generators.nix index 4317e49c2538..376aa4081bf4 100644 --- a/lib/generators.nix +++ b/lib/generators.nix @@ -70,6 +70,7 @@ let split toJSON typeOf + escapeXML ; ## -- HELPER FUNCTIONS & DEFAULTS -- @@ -548,13 +549,17 @@ in rec { # Inputs - Options - : Empty set, there may be configuration options in the future + Structured function argument + + : escape (optional, default: `false`) + : If this option is true, XML special characters are escaped in string values and keys Value : The value to be converted to Plist */ - toPlist = {}: v: let + toPlist = { + escape ? false + }: v: let expr = ind: x: if x == null then "" else if isBool x then bool ind x else @@ -568,10 +573,12 @@ in rec { literal = ind: x: ind + x; + maybeEscapeXML = if escape then escapeXML else x: x; + bool = ind: x: literal ind (if x then "<true/>" else "<false/>"); int = ind: x: literal ind "<integer>${toString x}</integer>"; - str = ind: x: literal ind "<string>${x}</string>"; - key = ind: x: literal ind "<key>${x}</key>"; + str = ind: x: literal ind "<string>${maybeEscapeXML x}</string>"; + key = ind: x: literal ind "<key>${maybeEscapeXML x}</key>"; float = ind: x: literal ind "<real>${toString x}</real>"; indent = ind: expr "\t${ind}"; @@ -597,7 +604,10 @@ in rec { (expr "\t${ind}" value) ]) x)); - in ''<?xml version="1.0" encoding="UTF-8"?> + in + # TODO: As discussed in #356502, deprecated functionality should be removed sometime after 25.11. + lib.warnIf (!escape && lib.oldestSupportedReleaseIsAtLeast 2505) "Using `lib.generators.toPlist` without `escape = true` is deprecated" + ''<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> ${expr "" v} |