You are viewing a plain text version of this content. The canonical link for it is here.

Posted to xmlrpc-dev@ws.apache.org by Jim Redman <ji...@ergotech.com> on 2002/02/28 20:39:00 UTC

Fwd: DO NOT REPLY [Bug 6763] New: - XMLWriter doesn't escape enough characters [bugzilla@apache.org]

Is the server supposed to escape these?  If you put "<p>" in a returned 
value it is not escaped.

Jim

On 2002.02.28 12:13:55 -0700 bugzilla@apache.org wrote:
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6763>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6763

XMLWriter doesn't escape enough characters

            Summary: XMLWriter doesn't escape enough characters
            Product: XML-RPC
            Version: unspecified
           Platform: PC
         OS/Version: Windows NT/2K
             Status: NEW
           Severity: Normal
           Priority: Other
          Component: Source
         AssignedTo: rpc-dev@xml.apache.org
         ReportedBy: aaron@alum.mit.edu


org.apache.xmlrpc.XmlRpc$XMLWriter.chardata escapes the characters &, <,
and >
in strings passed as arguments to execute().  If the string contains other
characters that are not allowed in XML, then the XmlRpcServer fails with a
SAXParseException on the other side of the wire.  In the example I
encountered,
the string contained the character 0x05, which should probably be escaped
as
&#0005;.  (I have worked around this by adding my own pass over the
argument
strings before calling execute, but this is obviously not ideal.)
Please feel free to contact me for more information.
Aaron Goodisman
aaron@alum.mit.edu

-- 

Jim Redman
(505) 662 5156
http://www.ergotech.com