You are viewing a plain text version of this content. The canonical link for it is here.

Posted to xmlrpc-dev@ws.apache.org by bu...@apache.org on 2002/02/28 20:13:55 UTC

DO NOT REPLY [Bug 6763] New: - XMLWriter doesn't escape enough characters

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6763>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6763

XMLWriter doesn't escape enough characters

           Summary: XMLWriter doesn't escape enough characters
           Product: XML-RPC
           Version: unspecified
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Source
        AssignedTo: rpc-dev@xml.apache.org
        ReportedBy: aaron@alum.mit.edu


org.apache.xmlrpc.XmlRpc$XMLWriter.chardata escapes the characters &, <, and > 
in strings passed as arguments to execute().  If the string contains other 
characters that are not allowed in XML, then the XmlRpcServer fails with a 
SAXParseException on the other side of the wire.  In the example I encountered, 
the string contained the character 0x05, which should probably be escaped as 
&#0005;.  (I have worked around this by adding my own pass over the argument 
strings before calling execute, but this is obviously not ideal.)  
Please feel free to contact me for more information.
Aaron Goodisman
aaron@alum.mit.edu

Re: DO NOT REPLY [Bug 6763] New: - XMLWriter doesn't escape enough characters

Posted by John Wilson <tu...@wilson.co.uk>.

[snip]

> org.apache.xmlrpc.XmlRpc$XMLWriter.chardata escapes the characters &, <,
and >
> in strings passed as arguments to execute().  If the string contains other
> characters that are not allowed in XML, then the XmlRpcServer fails with a
> SAXParseException on the other side of the wire.  In the example I
encountered,
> the string contained the character 0x05, which should probably be escaped
as
> &#0005;.  (I have worked around this by adding my own pass over the
argument
> strings before calling execute, but this is obviously not ideal.)

This isn't a bug. You just can't legally have a Unicode character with the
value 5 in a well formed XML document. Escaping it as &#0005; makes no
difference.

The relevant part of the spec is Section 4.1 Character and Entity References
"Well-Formedness Constraint: Legal Character
Characters referred to using character references must match the production
for Char. "

MinML currently and erroneously allows this - I'm in process of tightening
it's checking and it will soon reject it.

John Wilson
The Wilson Partnership
http://www.wilson.co.uk

Fwd: DO NOT REPLY [Bug 6763] New: - XMLWriter doesn't escape enough characters [bugzilla@apache.org]

Posted by Jim Redman <ji...@ergotech.com>.

Is the server supposed to escape these?  If you put "<p>" in a returned 
value it is not escaped.

Jim

On 2002.02.28 12:13:55 -0700 bugzilla@apache.org wrote:
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6763>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6763

XMLWriter doesn't escape enough characters

            Summary: XMLWriter doesn't escape enough characters
            Product: XML-RPC
            Version: unspecified
           Platform: PC
         OS/Version: Windows NT/2K
             Status: NEW
           Severity: Normal
           Priority: Other
          Component: Source
         AssignedTo: rpc-dev@xml.apache.org
         ReportedBy: aaron@alum.mit.edu


org.apache.xmlrpc.XmlRpc$XMLWriter.chardata escapes the characters &, <,
and >
in strings passed as arguments to execute().  If the string contains other
characters that are not allowed in XML, then the XmlRpcServer fails with a
SAXParseException on the other side of the wire.  In the example I
encountered,
the string contained the character 0x05, which should probably be escaped
as
&#0005;.  (I have worked around this by adding my own pass over the
argument
strings before calling execute, but this is obviously not ideal.)
Please feel free to contact me for more information.
Aaron Goodisman
aaron@alum.mit.edu

-- 

Jim Redman
(505) 662 5156
http://www.ergotech.com

Re: DO NOT REPLY [Bug 6763] New: - XMLWriter doesn't escape enough characters

Posted by John Wilson <tu...@wilson.co.uk>.

[snip]

> org.apache.xmlrpc.XmlRpc$XMLWriter.chardata escapes the characters &, <,
and >
> in strings passed as arguments to execute().  If the string contains other
> characters that are not allowed in XML, then the XmlRpcServer fails with a
> SAXParseException on the other side of the wire.  In the example I
encountered,
> the string contained the character 0x05, which should probably be escaped
as
> &#0005;.  (I have worked around this by adding my own pass over the
argument
> strings before calling execute, but this is obviously not ideal.)

This isn't a bug. You just can't legally have a Unicode character with the
value 5 in a well formed XML document. Escaping it as &#0005; makes no
difference.

The relevant part of the spec is Section 4.1 Character and Entity References
"Well-Formedness Constraint: Legal Character
Characters referred to using character references must match the production
for Char. "

MinML currently and erroneously allows this - I'm in process of tightening
it's checking and it will soon reject it.

John Wilson
The Wilson Partnership
http://www.wilson.co.uk

Fwd: DO NOT REPLY [Bug 6763] New: - XMLWriter doesn't escape enough characters [bugzilla@apache.org]

Posted by Jim Redman <ji...@ergotech.com>.

Is the server supposed to escape these?  If you put "<p>" in a returned 
value it is not escaped.

Jim

On 2002.02.28 12:13:55 -0700 bugzilla@apache.org wrote:
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6763>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6763

XMLWriter doesn't escape enough characters

            Summary: XMLWriter doesn't escape enough characters
            Product: XML-RPC
            Version: unspecified
           Platform: PC
         OS/Version: Windows NT/2K
             Status: NEW
           Severity: Normal
           Priority: Other
          Component: Source
         AssignedTo: rpc-dev@xml.apache.org
         ReportedBy: aaron@alum.mit.edu


org.apache.xmlrpc.XmlRpc$XMLWriter.chardata escapes the characters &, <,
and >
in strings passed as arguments to execute().  If the string contains other
characters that are not allowed in XML, then the XmlRpcServer fails with a
SAXParseException on the other side of the wire.  In the example I
encountered,
the string contained the character 0x05, which should probably be escaped
as
&#0005;.  (I have worked around this by adding my own pass over the
argument
strings before calling execute, but this is obviously not ideal.)
Please feel free to contact me for more information.
Aaron Goodisman
aaron@alum.mit.edu

-- 

Jim Redman
(505) 662 5156
http://www.ergotech.com