You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@roller.apache.org by "David Johnson (JIRA)" <no...@atlassian.com> on 2007/04/22 16:32:55 UTC

[Roller-JIRA] Created: (ROL-1397) APP interop: null byte 0x0 getting into entry contents

APP interop: null byte 0x0 getting into entry contents
------------------------------------------------------

                 Key: ROL-1397
                 URL: http://opensource.atlassian.com/projects/roller/browse/ROL-1397
             Project: Roller
          Issue Type: Bug
          Components: Web Services
    Affects Versions: 4.0
            Reporter: David Johnson
            Assignee: David Johnson
             Fix For: 4.0


Some clients (the APE and Joe Gregorio's WXPython client) see to inject null bytes into APP entry content. Not sure if this is a client side or a JDOM issue. Either way, we need to sanitize input to remove bad characters and ensure well-formed HTML or XHTML.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://opensource.atlassian.com/projects/roller/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Roller-JIRA] Updated: (ROL-1397) APP interop: null byte 0x0 getting into entry contents

Posted by "David Johnson (JIRA)" <no...@atlassian.com>.

     [ http://opensource.atlassian.com/projects/roller/browse/ROL-1397?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Johnson updated ROL-1397:
-------------------------------

    Fix Version/s:     (was: 4.0)

> APP interop: null byte 0x0 getting into entry contents
> ------------------------------------------------------
>
>                 Key: ROL-1397
>                 URL: http://opensource.atlassian.com/projects/roller/browse/ROL-1397
>             Project: Roller
>          Issue Type: Bug
>          Components: Web Services
>            Reporter: David Johnson
>            Assignee: David Johnson
>
> Some clients (the APE and Joe Gregorio's WXPython client) see to inject null bytes into APP entry content. Not sure if this is a client side or a JDOM issue. Either way, we need to sanitize input to remove bad characters and ensure well-formed HTML or XHTML.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://opensource.atlassian.com/projects/roller/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Roller-JIRA] Updated: (ROL-1397) APP interop: null byte 0x0 getting into entry contents

Posted by "David Johnson (JIRA)" <no...@atlassian.com>.

     [ http://opensource.atlassian.com/projects/roller/browse/ROL-1397?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Johnson updated ROL-1397:
-------------------------------

    Affects Version/s:     (was: 4.0)

I don't require this for 4.0

> APP interop: null byte 0x0 getting into entry contents
> ------------------------------------------------------
>
>                 Key: ROL-1397
>                 URL: http://opensource.atlassian.com/projects/roller/browse/ROL-1397
>             Project: Roller
>          Issue Type: Bug
>          Components: Web Services
>            Reporter: David Johnson
>            Assignee: David Johnson
>
> Some clients (the APE and Joe Gregorio's WXPython client) see to inject null bytes into APP entry content. Not sure if this is a client side or a JDOM issue. Either way, we need to sanitize input to remove bad characters and ensure well-formed HTML or XHTML.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://opensource.atlassian.com/projects/roller/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Roller-JIRA] Commented: (ROL-1397) APP interop: null byte 0x0 getting into entry contents

Posted by "Anil Gangolli (JIRA)" <no...@atlassian.com>.

    [ http://opensource.atlassian.com/projects/roller/browse/ROL-1397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_13899 ] 

Anil Gangolli commented on ROL-1397:
------------------------------------


Note that APP doesn't mandate a particular charset.  Some character encodings may have null bytes as part of normal content.   

We could address this if we restrict the encoding to UTF-8, which may be an implicit requirement of the current implementation anyway.  I may be missing something, but it seems like it  could get  ugly to try to be resilient to this client bug on the receiving end.

> APP interop: null byte 0x0 getting into entry contents
> ------------------------------------------------------
>
>                 Key: ROL-1397
>                 URL: http://opensource.atlassian.com/projects/roller/browse/ROL-1397
>             Project: Roller
>          Issue Type: Bug
>          Components: Web Services
>            Reporter: David Johnson
>            Assignee: David Johnson
>
> Some clients (the APE and Joe Gregorio's WXPython client) see to inject null bytes into APP entry content. Not sure if this is a client side or a JDOM issue. Either way, we need to sanitize input to remove bad characters and ensure well-formed HTML or XHTML.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://opensource.atlassian.com/projects/roller/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Roller-JIRA] Commented: (ROL-1397) APP interop: null byte 0x0 getting into entry contents

Posted by "David Johnson (JIRA)" <no...@atlassian.com>.

    [ http://opensource.atlassian.com/projects/roller/browse/ROL-1397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_13902 ] 

David Johnson commented on ROL-1397:
------------------------------------

I'm hoping that the latest changes to ROME will fix this problem:

http://wiki.java.net/bin/view/Javawsxml/RomeChangesLog#Changes_made_since_v0_9

> APP interop: null byte 0x0 getting into entry contents
> ------------------------------------------------------
>
>                 Key: ROL-1397
>                 URL: http://opensource.atlassian.com/projects/roller/browse/ROL-1397
>             Project: Roller
>          Issue Type: Bug
>          Components: Web Services
>            Reporter: David Johnson
>            Assignee: David Johnson
>
> Some clients (the APE and Joe Gregorio's WXPython client) see to inject null bytes into APP entry content. Not sure if this is a client side or a JDOM issue. Either way, we need to sanitize input to remove bad characters and ensure well-formed HTML or XHTML.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://opensource.atlassian.com/projects/roller/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira