Briefcase fails to escape ampersands in company name when generating [appname].wxs when packaging for Windows

[miss-programgamer]

Describe the bug

Exactly as the title says, ampersands need to be escaped when generating .wxs files, but briefcase doesn't perform such escaping, leading to confusing errors while attempting to package an app and having to manually edit [appname].wxs files in the build folder to force it to work.

Steps to reproduce

1. Create a briefcase project with an ampersand in the company name (or even the app name? Haven't tested that case)
2. Run briefcase package -p msi --adhoc-sign (after doing any boilerplate initialization I may have forgotten about)

Expected behavior

I expect a working windows installer for my app, instead I get an error and no installer for my app. Sadge :(

Screenshots

No response

Environment

• Operating System: Windows 11
• Python version: 3.13
• Briefcase version: 0.3.20

Logs

error CNDL0104 : Not a valid source file; detail: An error occurred while parsing EntityName. Line 10, position 43.

Additional context

No response

[freakboy3742]

Thanks for the report. Escaping content correctly is a class of bug we've been slowly squashing over time. The model for fixing them is well understood, and not that difficult to implement - see #1876 and #1746 for two recent examples.

In this case, we need to add an XML content escaping filter to Briefcase (there's already an XML extension with a boolean value filter; it needs a new entity-escaping filter using Python's built-in escaping tools), and then use that filter in the windows app and Visual Studio templates.

There's likely a bunch of other places where escaping could fail in the WiX template, so it would be worth auditing all the cookiecutter inclusions to make sure we've got them all.