lib.generators.toPlist: escape XML syntax in strings & keys

Before this patch, code like this would break generate invalid XML: lib.generators.toPlist {} "ab<cd" That's obviously bad, since the call to toPlist often happens through indirection, as is the case in e.g. the nix-darwin project. A user might not realize that they have to escape the strings. This patch adds the argument 'escape' to lib.generators.plist and emits a warning if it is not set to true. In a future release, this behavior should become the default. I have also added a note for future maintainers, in case I forget to actually remove the deprecated functionality in a future release.
2025-06-11 20:25:32 +03:00 · 2024-11-14 14:09:23 +01:00 · 2024-11-14 14:09:23 +01:00 · d1cb670ee6
commit d1cb670ee6
parent 122adac328
4 changed files with 92 additions and 8 deletions
--- a/lib/tests/misc.nix
+++ b/lib/tests/misc.nix
@ -1635,7 +1635,7 @@ runTests {
    expected  = "«foo»";
  };

-  testToPlist = {
+  testToPlistUnescaped = {
    expr = mapAttrs (const (generators.toPlist { })) {
      value = {
        nested.values = {
@ -1651,10 +1651,34 @@ runTests {
          emptylist = [];
          attrs = { foo = null; "foo b/ar" = "baz"; };
          emptyattrs = {};
+          "keys are not <escaped>" = "and < neither are string values";
        };
      };
    };
-    expected = { value = builtins.readFile ./test-to-plist-expected.plist; };
+    expected = { value = builtins.readFile ./test-to-plist-unescaped-expected.plist; };
+  };
+
+  testToPlistEscaped = {
+    expr = mapAttrs (const (generators.toPlist { escape = true; })) {
+      value = {
+        nested.values = {
+          int = 42;
+          float = 0.1337;
+          bool = true;
+          emptystring = "";
+          string = "fn\${o}\"r\\d";
+          newlinestring = "\n";
+          path = /. + "/foo";
+          null_ = null;
+          list = [ 3 4 "test" ];
+          emptylist = [];
+          attrs = { foo = null; "foo b/ar" = "baz"; };
+          emptyattrs = {};
+          "keys are <escaped>" = "and < so are string values";
+        };
+      };
+    };
+    expected = { value = builtins.readFile ./test-to-plist-escaped-expected.plist; };
  };

  testToLuaEmptyAttrSet = {