Posted to dev@deltacloud.apache.org by tc...@redhat.com on 2010/11/24 17:45:40 UTC

[PATCH] Wrap error messages and details in CDATA

From: Tobias Crawley <tc...@redhat.com>

The xml parser used by nokogiri-java (xerces) is much more strict about
unescaped entities, and causes nokogiri to ignore nodes containing them.
Wrapping the content in CDATA blocks fixes this.

Note: this fix does not use the haml :cdata filter, since you cannot
strip whitespace inside the filter.
---
 .../lib/deltacloud/helpers/application_helper.rb   |    4 ++--
 server/views/errors/auth_exception.xml.haml        |    3 ++-
 .../errors/backend_capability_failure.xml.haml     |    3 ++-
 server/views/errors/backend_error.xml.haml         |    4 ++--
 server/views/errors/validation_failure.xml.haml    |    5 +++--
 5 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/server/lib/deltacloud/helpers/application_helper.rb b/server/lib/deltacloud/helpers/application_helper.rb
index 00e8bc9..6830e5f 100644
--- a/server/lib/deltacloud/helpers/application_helper.rb
+++ b/server/lib/deltacloud/helpers/application_helper.rb
@@ -121,8 +121,8 @@ module ApplicationHelper
     end
   end
 
-  def cdata(&block)
-    text = capture_haml(&block)
+  def cdata(text = nil, &block)
+    text ||= capture_haml(&block)
     "<![CDATA[#{text.strip}]]>"
   end
 
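Review bot: The `"<![CDATA[#{text.strip}]]>"` line in `cdata` does not handle a `]]>` inside `text`. The section closes at that point and the rest of the message is parsed as markup again, which brings back the problem this patch fixes and lets message content shape the response XML. Split the terminator before wrapping, for example `text.strip.gsub(']]>', ']]]]><![CDATA[>')`. With the new optional argument, `cdata(nil)` called without a block also falls through to `capture_haml(&block)` with no block, so a nil `@error.message` needs a guard.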
diff --git a/server/views/errors/auth_exception.xml.haml b/server/views/errors/auth_exception.xml.haml
index bee6492..bfa9111 100644
--- a/server/views/errors/auth_exception.xml.haml
+++ b/server/views/errors/auth_exception.xml.haml
@@ -1,2 +1,3 @@
 %error{:url => "#{request.env['REQUEST_URI']}", :status => "#{response.status}"}
-  %message #{@error.message}
+  %message< #{cdata @error.message}
+
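Review bot: The bare `+` line after `%message< #{cdata @error.message}` adds an empty line at the end of the template that the fix does not need. Drop it here and in the other views that gain the same trailing line.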
diff --git a/server/views/errors/backend_capability_failure.xml.haml b/server/views/errors/backend_capability_failure.xml.haml
index 83892fb..4302e4b 100644
--- a/server/views/errors/backend_capability_failure.xml.haml
+++ b/server/views/errors/backend_capability_failure.xml.haml
@@ -1,4 +1,5 @@
 %error{:url => "#{request.env['REQUEST_URI']}", :status => "#{response.status}"}
   %capability #{@error.capability}
-  %message #{@error.message}
+  %message< #{cdata @error.message}
+
 
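Review bot: `%capability #{@error.capability}` is still interpolated raw while `%message` on the next line is now wrapped. If the capability value can carry the same characters, wrap it as well (`%capability< #{cdata @error.capability}`); if it cannot, say so in the commit message.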
diff --git a/server/views/errors/backend_error.xml.haml b/server/views/errors/backend_error.xml.haml
index 75866eb..cb5d87f 100644
--- a/server/views/errors/backend_error.xml.haml
+++ b/server/views/errors/backend_error.xml.haml
@@ -4,5 +4,5 @@
     %code= @error.code
     %cause= @error.cause
     - if @error.details
-      %details #{@error.details}
-  %message #{@error.message}
+      %details< #{cdata @error.details.join("\n")}
+  %message< #{cdata @error.message}
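Review bot: `@error.details.join("\n")` in the `%details<` line assumes `details` is always an Array. A String there would raise inside the error view and hide the original error, and `[@error.details].flatten.join("\n")` accepts both. The context lines `%code= @error.code` and `%cause= @error.cause` are left unwrapped; confirm they cannot contain the characters that made the parser drop `%message`.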
diff --git a/server/views/errors/validation_failure.xml.haml b/server/views/errors/validation_failure.xml.haml
index 24519ed..f18d6a2 100644
--- a/server/views/errors/validation_failure.xml.haml
+++ b/server/views/errors/validation_failure.xml.haml
@@ -1,7 +1,8 @@
 %error{:url => "#{request.env['REQUEST_URI']}", :status => "#{response.status}"}
   %parameter #{@error.name}
-  %message #{@error.message}
+  %message< #{cdata @error.message}
   - unless @error.param.options.empty?
     %valid_options
       - @error.param.options.each do |v|
-        %value #{v}
+        %value< #{cdata v}
+
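Review bot: `%value< #{cdata v}` passes each entry of `@error.param.options` straight to the helper, which calls `text.strip`. An option that is a Symbol or a number has no `strip` and would raise while the validation error is being rendered. Use `cdata v.to_s` here, or `text.to_s.strip` in the helper so every caller is covered. `%parameter #{@error.name}` at the top of the hunk is also still unwrapped.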
-- 
1.7.3.2
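
An added example, not part of the original message or of the Deltacloud code: it round-trips an error message through REXML to show where plain CDATA wrapping stops protecting the `<message>` node. `safe_cdata`, `roundtrip` and the sample message are hypothetical names and data constructed for this illustration.

```ruby
require 'rexml/document'

# The wrapping as written in the patch, reduced to the String-argument case.
def naive_cdata(text)
  "<![CDATA[#{text.strip}]]>"
end

# Hypothetical hardened variant (an assumption, not the project's helper).
# A CDATA section ends at the first "]]>", so that sequence is split across
# two adjacent sections; nil and non-String values are coerced with to_s.
def safe_cdata(text)
  body = text.to_s.strip.gsub(']]>', ']]]]><![CDATA[>')
  "<![CDATA[#{body}]]>"
end

# Build an <error> document shaped like the views in the patch and return
# what a client reads back from <message>, or :parse_error when the
# document is not well-formed.
def roundtrip(message_markup)
  xml = "<error status=\"500\"><message>#{message_markup}</message></error>"
  message = REXML::Document.new(xml).root.elements['message']
  # A split CDATA section arrives as several text nodes; join their values.
  message.texts.map(&:value).join
rescue REXML::ParseException
  :parse_error
end

# Constructed sample: a backend message that happens to contain "]]>"
# together with the characters that need escaping in XML text.
SAMPLE = 'quota check a[b[0]]> limit failed for <vm> & "disk"'

if __FILE__ == $PROGRAM_NAME
  puts "naive: #{roundtrip(naive_cdata(SAMPLE)).inspect}"
  puts "safe:  #{roundtrip(safe_cdata(SAMPLE)).inspect}"
end
```

With the naive wrapper the client gets either a parse error or a message that differs from the original; with the split terminator it reads back the original text unchanged.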


Re: [PATCH] Wrap error messages and details in CDATA

Posted by Michal Fojtik <mf...@redhat.com>.
On 24/11/10 11:45 -0500, tcrawley@redhat.com wrote:
>From: Tobias Crawley <tc...@redhat.com>
>
>The xml parser used by nokogiri-java (xerces) is much more strict about
>unescaped entities, and causes nokogiri to ignore nodes containing them.
>Wrapping the content in CDATA blocks fixes this.
>

ACK. Code looks safe and I understand your motivation: XML can get corrupted
when an Exception contains invalid characters.

   -- Michal

>
>Note: this fix does not use the haml :cdata filter, since you cannot
>strip whitespace inside the filter.
>---
> .../lib/deltacloud/helpers/application_helper.rb   |    4 ++--
> server/views/errors/auth_exception.xml.haml        |    3 ++-
> .../errors/backend_capability_failure.xml.haml     |    3 ++-
> server/views/errors/backend_error.xml.haml         |    4 ++--
> server/views/errors/validation_failure.xml.haml    |    5 +++--
> 5 files changed, 11 insertions(+), 8 deletions(-)
>
>diff --git a/server/lib/deltacloud/helpers/application_helper.rb b/server/lib/deltacloud/helpers/application_helper.rb
>index 00e8bc9..6830e5f 100644
>--- a/server/lib/deltacloud/helpers/application_helper.rb
>+++ b/server/lib/deltacloud/helpers/application_helper.rb
>@@ -121,8 +121,8 @@ module ApplicationHelper
>     end
>   end
>
>-  def cdata(&block)
>-    text = capture_haml(&block)
>+  def cdata(text = nil, &block)
>+    text ||= capture_haml(&block)
>     "<![CDATA[#{text.strip}]]>"
>   end
>
>diff --git a/server/views/errors/auth_exception.xml.haml b/server/views/errors/auth_exception.xml.haml
>index bee6492..bfa9111 100644
>--- a/server/views/errors/auth_exception.xml.haml
>+++ b/server/views/errors/auth_exception.xml.haml
>@@ -1,2 +1,3 @@
> %error{:url => "#{request.env['REQUEST_URI']}", :status => "#{response.status}"}
>-  %message #{@error.message}
>+  %message< #{cdata @error.message}
>+
>diff --git a/server/views/errors/backend_capability_failure.xml.haml b/server/views/errors/backend_capability_failure.xml.haml
>index 83892fb..4302e4b 100644
>--- a/server/views/errors/backend_capability_failure.xml.haml
>+++ b/server/views/errors/backend_capability_failure.xml.haml
>@@ -1,4 +1,5 @@
> %error{:url => "#{request.env['REQUEST_URI']}", :status => "#{response.status}"}
>   %capability #{@error.capability}
>-  %message #{@error.message}
>+  %message< #{cdata @error.message}
>+
>
>diff --git a/server/views/errors/backend_error.xml.haml b/server/views/errors/backend_error.xml.haml
>index 75866eb..cb5d87f 100644
>--- a/server/views/errors/backend_error.xml.haml
>+++ b/server/views/errors/backend_error.xml.haml
>@@ -4,5 +4,5 @@
>     %code= @error.code
>     %cause= @error.cause
>     - if @error.details
>-      %details #{@error.details}
>-  %message #{@error.message}
>+      %details< #{cdata @error.details.join("\n")}
>+  %message< #{cdata @error.message}
>diff --git a/server/views/errors/validation_failure.xml.haml b/server/views/errors/validation_failure.xml.haml
>index 24519ed..f18d6a2 100644
>--- a/server/views/errors/validation_failure.xml.haml
>+++ b/server/views/errors/validation_failure.xml.haml
>@@ -1,7 +1,8 @@
> %error{:url => "#{request.env['REQUEST_URI']}", :status => "#{response.status}"}
>   %parameter #{@error.name}
>-  %message #{@error.message}
>+  %message< #{cdata @error.message}
>   - unless @error.param.options.empty?
>     %valid_options
>       - @error.param.options.each do |v|
>-        %value #{v}
>+        %value< #{cdata v}
>+
>--
>1.7.3.2
>

-- 
--------------------------------------------------------
Michal Fojtik, mfojtik@redhat.com
Deltacloud API: http://deltacloud.org
--------------------------------------------------------