HTML in Sparkle appcast.xml should not be escaped

We've noticed that the Sparkle release notes are not rendered properly if HTML is provided in the omaha-server Release Notes field (issue [here](https://github.com/brave/brave-browser/issues/9850).)

Example of an appcast.xml:

```
<description>
<![CDATA[
Brave Browser version: 81.1.9.80 &lt;a href=&quot;https://github.com/brave/brave-browser/blob/master/CHANGELOG.md&quot;&gt;Brave Changelog&lt;/a&gt;
]]>
</description>
```

If HTML or a URL is provided in the release notes field, it should be passed into Sparkle without escape characters.

One such solution recommended by @mherrmann might be to use the Django `safe` [template filter](https://docs.djangoproject.com/en/3.0/ref/templates/builtins/#safe) in the Sparkle appcast template [here](https://github.com/omaha-consulting/omaha-server/blob/master/omaha_server/sparkle/templates/sparkle/appcast.xml#L15).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HTML in Sparkle appcast.xml should not be escaped #364

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

HTML in Sparkle appcast.xml should not be escaped #364

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions