From 0e334f995d884f9c6989e9c6fed5b41c68c8678c Mon Sep 17 00:00:00 2001
From: Frederik Carlier <frederik.carlier@keysight.com>
Date: Wed, 8 Jan 2025 20:47:15 +0100
Subject: [PATCH] NSString: Use SecurityElement.Escape to escape XML characters

---
 plist-cil.test/NSStringTests.cs | 29 +++++++++++++++++++++++++++++
 plist-cil/NSString.cs           | 14 +++-----------
 2 files changed, 32 insertions(+), 11 deletions(-)
 create mode 100644 plist-cil.test/NSStringTests.cs

diff --git a/plist-cil.test/NSStringTests.cs b/plist-cil.test/NSStringTests.cs
new file mode 100644
index 0000000..380728d
--- /dev/null
+++ b/plist-cil.test/NSStringTests.cs
@@ -0,0 +1,29 @@
+using Claunia.PropertyList;
+using Xunit;
+
+namespace plistcil.test
+{
+    public class NSStringTests
+    {
+        const string START_TOKEN = "<string>";
+        const string END_TOKEN = "</string>";
+
+        [InlineData("abc", "abc")]
+        [InlineData("a>b", "a&gt;b")]
+        [InlineData("a<b", "a&lt;b")]
+        [InlineData("a&b", "a&amp;b")]
+        [Theory]
+        public void Content_IsEscaped(string value, string content)
+        {
+            var element = new NSString(value);
+            string xml = element.ToXmlPropertyList();
+
+            // Strip the leading and trailing data, so we just get the string element itself
+            int start = xml.IndexOf(START_TOKEN) + START_TOKEN.Length;
+            int end = xml.IndexOf(END_TOKEN);
+            string actualContent = xml.Substring(start, end - start);
+
+            Assert.Equal(content, actualContent);
+        }
+    }
+}
diff --git a/plist-cil/NSString.cs b/plist-cil/NSString.cs
index cfad91a..872033a 100644
--- a/plist-cil/NSString.cs
+++ b/plist-cil/NSString.cs
@@ -1,4 +1,4 @@
-// plist-cil - An open source library to parse and generate property lists for .NET
+// plist-cil - An open source library to parse and generate property lists for .NET
 // Copyright (C) 2015 Natalia Portillo
 //
 // This code is based on:
@@ -24,6 +24,7 @@
 // SOFTWARE.
 
 using System;
+using System.Security;
 using System.Text;
 
 namespace Claunia.PropertyList
@@ -136,16 +137,7 @@ namespace Claunia.PropertyList
 
             //According to http://www.w3.org/TR/REC-xml/#syntax node values must not
             //contain the characters < or &. Also the > character should be escaped.
-            if(Content.Contains("&") ||
-               Content.Contains("<") ||
-               Content.Contains(">"))
-            {
-                xml.Append("<![CDATA[");
-                xml.Append(Content.Replace("]]>", "]]]]><![CDATA[>"));
-                xml.Append("]]>");
-            }
-            else
-                xml.Append(Content);
+            xml.Append(SecurityElement.Escape(Content));
 
             xml.Append("</string>");
         }