Escape bare & in Bibcollection#to_xml to prevent invalid XML: https://github.com/metanorma/isodoc/issues/785

lib/relaton/bibcollection.rb

@@ -32,8 +32,8 @@ def <<(item)
 
     # @param source [Nokogiri::XML::Element]
     def self.from_xml(source)
-      title = find_text("./relaton-collection/title", source)
-      author = find_text(
+      title = find_html("./relaton-collection/title", source)
+      author = find_html(
         "./relaton-collection/contributor[role/@type='author']/organization/"\
         "name", source
       )
@@ -61,10 +61,10 @@ def to_xml(opts = {})
                         end
 
       ret = "<relaton-collection #{collection_type}>"
-      ret += "<title>#{title}</title>" if title
+      ret += "<title>#{xml_escape(title)}</title>" if title
       if author
         ret += "<contributor><role type='author'/><organization><name>"\
-        "#{author}</name></organization></contributor>"
+        "#{xml_escape(author)}</name></organization></contributor>"
       end
       unless items.empty?
         items.each do |item|
@@ -134,5 +134,13 @@ def reduce_items
                end
       end
     end
+
+    # Escape bare & in content for XML serialization, leaving already-encoded
+    # entity references (&amp;, &#123;, &#x1f;) and inline markup (<em> etc.)
+    # untouched. This prevents invalid XML when plain-text values (e.g. from
+    # YAML) contain literal ampersands.
+    def xml_escape(str)
+      str.gsub(/&(?![a-zA-Z][a-zA-Z0-9]*;|#[0-9]+;|#x[0-9a-fA-F]+;)/, "&amp;")
+    end
   end
 end

lib/relaton/element_finder.rb

@@ -6,6 +6,10 @@ def find_text(xpath, element = nil)
       find(xpath, element)&.text
     end
 
+    def find_html(xpath, element = nil)
+      find(xpath, element)&.inner_html
+    end
+
     def find(xpath, element = nil)
       (element || document).at(apply_namespace(xpath))
     end

spec/assets/index-with-markup.xml

@@ -0,0 +1,23 @@
+<relaton-collection xmlns="http://riboseinc.com/isoxml">
+  <title>Use of <strong>ActualText</strong> &amp; <strong>Reference</strong> structure elements</title>
+  <contributor>
+    <role type="author"/>
+    <organization>
+      <name>Acme &amp; Co</name>
+    </organization>
+  </contributor>
+  <relation type='partOf'>
+    <bibdata type='standard'>
+      <title>Sample doc title</title>
+      <uri>http://example.org/sample.pdf</uri>
+      <docidentifier primary="true">EX 1</docidentifier>
+      <date type='published'>
+        <on>2026-01-01</on>
+      </date>
+      <status><stage>Published</stage></status>
+      <ext>
+        <technical-committee>TC EX</technical-committee>
+      </ext>
+    </bibdata>
+  </relation>
+</relaton-collection>

spec/relaton/cli/xml_to_html_renderer_spec.rb

@@ -31,6 +31,29 @@
       end
     end
 
+    context "with markup and entities in the collection title and author" do
+      let(:html) do
+        renderer.render(File.read("spec/assets/index-with-markup.xml"))
+      end
+
+      it "preserves <strong> markup and &amp; in the coverpage title" do
+        expect(html).to include(
+          '<span class="title-first">Use of <strong>ActualText</strong> ' \
+          "&amp; <strong>Reference</strong> structure elements</span>",
+        )
+      end
+
+      it "strips inline tags but keeps &amp; in <head><title>" do
+        head_title = html[/<title>([^<]*(?:<(?!\/title)[^<]*)*)<\/title>/m, 1]
+        expect(head_title).to include("&amp;")
+        expect(head_title).not_to include("<strong>")
+      end
+
+      it "preserves &amp; in the rendered author" do
+        expect(html).to include("Acme &amp; Co")
+      end
+    end
+
     context "with a document containing other collections" do
       let(:html) do
         renderer.render(File.read("spec/assets/with-collections.xml"))

templates/_index.liquid

@@ -1,7 +1,7 @@
 <!DOCTYPE HTML>
 <html>
   <head>
-    <title>{{ title }}</title>
+    <title>{{ title | strip_html }}</title>
     <style>
 <!--
 {{ css }}