From a6cc1a9e4ddd670fcfa22d3599a06b7b2f3e209f Mon Sep 17 00:00:00 2001 From: guimafelipe Date: Fri, 20 Feb 2026 13:35:39 -0800 Subject: [PATCH 1/2] Fix XML encoding for button content in AppNotificationButton --- .../AppNotificationBuilder/AppNotificationButton.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/AppNotifications/AppNotificationBuilder/AppNotificationButton.cpp b/dev/AppNotifications/AppNotificationBuilder/AppNotificationButton.cpp index b78e592841..382557277b 100644 --- a/dev/AppNotifications/AppNotificationBuilder/AppNotificationButton.cpp +++ b/dev/AppNotifications/AppNotificationBuilder/AppNotificationButton.cpp @@ -122,7 +122,7 @@ namespace winrt::Microsoft::Windows::AppNotifications::Builder::implementation auto logTelemetry{ AppNotificationBuilderTelemetry::ButtonToString::Start(g_telemetryHelper) }; std::wstring xmlResult{ wil::str_printf(L"", - m_content.c_str(), + EncodeXml(m_content).c_str(), GetActivationArguments().c_str(), m_useContextMenuPlacement ? L" placement='contextMenu'" : L"", m_iconUri ? wil::str_printf(L" imageUri='%ls'", m_iconUri.ToString().c_str()).c_str() : L"", From 9ce759b83d57ce031043a053554c73fffc23d85d Mon Sep 17 00:00:00 2001 From: guimafelipe Date: Fri, 20 Feb 2026 14:23:05 -0800 Subject: [PATCH 2/2] Add tests for XML encoding of button content special characters --- test/AppNotificationBuilderTests/APITests.cpp | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/test/AppNotificationBuilderTests/APITests.cpp b/test/AppNotificationBuilderTests/APITests.cpp index 0925df2352..9d2f0677db 100644 --- a/test/AppNotificationBuilderTests/APITests.cpp +++ b/test/AppNotificationBuilderTests/APITests.cpp @@ -764,6 +764,50 @@ namespace Test::AppNotification::Builder VERIFY_ARE_EQUAL(builder.BuildNotification().Payload(), expected); } + TEST_METHOD(AppNotificationBuilderAddButtonWithApostropheInContent) + { + auto builder{ winrt::AppNotificationBuilder() + .AddButton(winrt::AppNotificationButton(L"Don't miss this") + .AddArgument(L"key", L"value")) + }; + auto expected{ L"" }; + + VERIFY_ARE_EQUAL(builder.BuildNotification().Payload(), expected); + } + + TEST_METHOD(AppNotificationBuilderAddButtonWithXmlSpecialCharsInContent) + { + auto builder{ winrt::AppNotificationBuilder() + .AddButton(winrt::AppNotificationButton(LR"(&"'<>)") + .AddArgument(L"key", L"value")) + }; + auto expected{ L"" }; + + VERIFY_ARE_EQUAL(builder.BuildNotification().Payload(), expected); + } + + TEST_METHOD(AppNotificationBuilderAddButtonWithAmpersandInContent) + { + auto builder{ winrt::AppNotificationBuilder() + .AddButton(winrt::AppNotificationButton(L"Save & Close") + .AddArgument(L"action", L"save")) + }; + auto expected{ L"" }; + + VERIFY_ARE_EQUAL(builder.BuildNotification().Payload(), expected); + } + + TEST_METHOD(AppNotificationBuilderAddButtonWithAngleBracketsInContent) + { + auto builder{ winrt::AppNotificationBuilder() + .AddButton(winrt::AppNotificationButton(L"") + .AddArgument(L"key", L"value")) + }; + auto expected{ L"" }; + + VERIFY_ARE_EQUAL(builder.BuildNotification().Payload(), expected); + } + TEST_METHOD(AppNotificationBuilderWithIsCallingPreviewSupportedIsFalse) { if (!::Microsoft::Windows::CallingPreviewSupport::Feature_CallingPreviewSupport::IsEnabled())