Minor syntax bug when using quotes in the app's name
Malasaur opened this issue · comments
Describe the bug
I've just noticed that if you create an app and include a quote in the name ('
), briefcase
does not escape it inside the settings.gradle
file. Nothing very concerning, just a bit misleading for people who may not know about this kinda stuff
Steps to reproduce
- Create a new app with
briefcase
- Include
'
inside the name, e.g. "John Doe's amazing application" - Build it for Android
- See error
Why does writing this feel like greentext?
Expected behavior
I expected it to compile without errors. lol
Screenshots
No response
Environment
Like, are these really needed?
- Operating System: Endeavour OS
- Python version: 3.12.3
- Software versions:
- Briefcase: 0.3.19
- Toga: 0.4.5
Logs
No response
Additional context
No response
Thanks for the report. This is a class of problem we've been slowly squashing over time; See #905, #1746, and some others.
If you're interested in trying your hand at fixing this, the history and linked issues for #1746 are a good point of comparison.
The fix for this comes in 2 parts.
The first part is that we need to modify the briefcase-android-gradle-template so that anywhere user-generated content is inserted, it is appropriately escaped.
The second part is that we need an appropriate escape filter. We have escaping filters for XML, TOML and PLIST; we clearly need one for gradle as well. This will likely be structurally similar to the TOML
filter, except that it's the '
character that needs escaping.
It would also be worth auditing all the other places that user-generated content is being inserted. Based on a quick inspection, it looks like an app with a formal name or app name that contains <
or >
will likely cause issues, as they need to be escaped in strings.xml
. Anywhere that a {{ cookiecutter.something }}
value is inserted in a template, we should be ensuring that the right escaping is occurring. Unless the value is intended as a template insertion (e.g., android_manifest_activity_attrs_extra_content
), all user-provided content should be escaped.