You are viewing a plain text version of this content. The canonical link for it is here.

Posted to log4j-dev@logging.apache.org by bu...@apache.org on 2015/06/14 23:47:35 UTC

[Bug 58035] New: XMLLayout writes illegal characters to XML file

https://bz.apache.org/bugzilla/show_bug.cgi?id=58035

            Bug ID: 58035
           Summary: XMLLayout writes illegal characters to XML file
           Product: Log4j
           Version: 1.2
          Hardware: PC
                OS: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Appender
          Assignee: log4j-dev@logging.apache.org
          Reporter: 120db@hotmail.es
                CC: mat.gessel@gmail.com, myles.bunbury@alcatel-lucent.com
        Depends on: 49354

+++ This bug was initially created as a clone of Bug #49354 +++

XMLLayout does not appear to escape or scrub the log message to deal with
illegal characters. This can result in invalid XML output by log4j, which in
turn can cause XML parsers downstream to blow up.

A corner case we encountered while using log4j v1.2.15 produced the attached
XML output. The message, which usually has normal text, ended up having some
illegal XML characters in it. Stylus Studio reports the error on line 2, column
119 as follows:
  FATAL ERROR: Invalid character (Unicode: 0x15)

This character is indeed illegal in XML, as per:
http://www.xml.com/axml/target.html#sec-cdata-sect

A nice summary can be found here:
http://www.coderanch.com/t/124970/XML/Invalid-Character-inside-CDATA

XMLLayout should ensure that what it write is legal XML, either by escaping
illegal characters, removing them, or replacing them.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org

[Bug 58035] XMLLayout writes illegal characters to XML file

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=58035

--- Comment #1 from Gary Gregory <ga...@gmail.com> ---
What happens with 1.2.17? Otherwise try 2.x with the 1.2 compatibility jar. 1.2
is not maintained atm.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org