You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@xerces.apache.org by "David Leffingwell (Jira)" <xe...@xml.apache.org> on 2022/09/08 17:40:00 UTC
[jira] [Comment Edited] (XERCESC-2239) When XMLUni::fgDOMWRTSplitCdataSections is true (the default) invalid XML characters are allowed by DOMWriter
[ https://issues.apache.org/jira/browse/XERCESC-2239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17601489#comment-17601489 ]
David Leffingwell edited comment on XERCESC-2239 at 9/8/22 5:39 PM:
--------------------------------------------------------------------
It looks like ensureValidString() (or something equivalent) is not being done for DOMNode::CDATA_SECTION_NODE when fgDOMWRTSplitCdataSections is true.
https://github.com/apache/xerces-c/blob/fc1f7d3a41328e978d7f517193367af8966a40f8/src/xercesc/dom/impl/DOMLSSerializerImpl.cpp
was (Author: JIRAUSER295485):
It looks like ensureValidString() (or something equivalent) is not being done for DOMNode::CDATA_SECTION_NODE.
https://github.com/apache/xerces-c/blob/fc1f7d3a41328e978d7f517193367af8966a40f8/src/xercesc/dom/impl/DOMLSSerializerImpl.cpp
> When XMLUni::fgDOMWRTSplitCdataSections is true (the default) invalid XML characters are allowed by DOMWriter
> -------------------------------------------------------------------------------------------------------------
>
> Key: XERCESC-2239
> URL: https://issues.apache.org/jira/browse/XERCESC-2239
> Project: Xerces-C++
> Issue Type: Bug
> Components: DOM
> Affects Versions: 3.2.0
> Reporter: David Leffingwell
> Priority: Major
>
> // Create a Document with a CDATA section that contains an invalid XML character (e.g. 0x1b).
> // This should fail when serializing the Document, but it does not when XMLUni::fgDOMWRTSplitCdataSections is true.
> struct XercesDeleter
> {
> template<typename T>
> void operator()(T* data) const
> {
> if (data) { data->release(); };
> }
> };
> typedef std::unique_ptr<XERCES_CPP_NAMESPACE::DOMLSSerializer,XercesDeleter> DOMWriterPtr;
> typedef std::unique_ptr<XERCES_CPP_NAMESPACE::DOMDocument,XercesDeleter> DOMDocumentPtr;
> XMLPlatformUtils::Initialize();
> DOMImplementation* impl = DOMImplementationRegistry::getDOMImplementation(XMLString::transcode("LS"));
> // Create DOM with a CDATA section
> DOMDocumentPtr document(impl->createDocument());
> DOMElement* element = document->createElementNS(XMLString::transcode("http://schemas.openxmlformats.org/wordprocessingml/2006/main"), XMLString::transcode("w:t"));
> document->appendChild(element);
> DOMCDATASection* codesection = document->createCDATASection(XercesString("c = '�';")); // 0x1B is not a valid XML 1.0 character
> element->appendChild(codesection);
> DOMWriterPtr writer(impl->createLSSerializer());
> writer->writeToString(document.get())
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org