Fix low priority maintenance and consistency issues

nickprotop · nickprotop · commit df606cb31eda · 2026-01-06T11:54:25.000+02:00
- StringsdictParser: Consolidate duplicate variable extraction logic
- Android: Return null for empty plural forms (no valid items)
- XLIFF: Reject null/empty plural values in ParsePluralGroup12
diff --git a/LocalizationManager.Core/Backends/iOS/StringsdictParser.cs b/LocalizationManager.Core/Backends/iOS/StringsdictParser.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License
 
 using System.Text;
+using System.Xml;
 using System.Xml.Linq;
 
 namespace LocalizationManager.Core.Backends.iOS;
@@ -34,7 +35,21 @@ public List<StringsdictEntry> Parse(string content)
 
         try
         {
-            var doc = XDocument.Parse(content);
+            // Use secure XML settings to prevent XXE attacks
+            // Note: Use Ignore instead of Prohibit to handle Apple's DOCTYPE declarations
+            // Ignore still prevents external entity resolution via XmlResolver = null
+            var settings = new XmlReaderSettings
+            {
+                DtdProcessing = DtdProcessing.Ignore,
+                XmlResolver = null
+            };
+
+            XDocument doc;
+            using (var reader = XmlReader.Create(new StringReader(content), settings))
+            {
+                doc = XDocument.Load(reader);
+            }
+
             var plist = doc.Element("plist");
             var rootDict = plist?.Element("dict");
 
@@ -88,15 +103,7 @@ public List<StringsdictEntry> Parse(string content)
                 case "NSStringLocalizedFormatKey":
                     formatKey = propValue.Value;
                     // Extract variable name from format like "%#@count@"
-                    if (formatKey.Contains("@"))
-                    {
-                        var start = formatKey.IndexOf('@') + 1;
-                        var end = formatKey.LastIndexOf('@');
-                        if (end > start)
-                        {
-                            variableName = formatKey.Substring(start, end - start);
-                        }
-                    }
+                    variableName = ExtractVariableName(formatKey);
                     break;
 
                 default:
