You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@xerces.apache.org by "David Leffingwell (Jira)" <xe...@xml.apache.org> on 2022/09/07 15:30:00 UTC

[jira] [Updated] (XERCESC-2239) When XMLUni::fgDOMWRTSplitCdataSections is true (the default) invalid XML characters are allowed by DOMWriter

     [ https://issues.apache.org/jira/browse/XERCESC-2239?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Leffingwell updated XERCESC-2239:
---------------------------------------
    Description: 
// Create a Document with a CDATA section that contains an invalid XML character (e.g. 0x1b). 
// This should fail when serializing the Document, but it does not when XMLUni::fgDOMWRTSplitCdataSections is true.


struct XercesDeleter
{
        template<typename T>
        void operator()(T* data) const
        {
            if (data) { data->release(); };
        }
};    

typedef std::unique_ptr<XERCES_CPP_NAMESPACE::DOMLSSerializer,XercesDeleter>   DOMWriterPtr;
typedef std::unique_ptr<XERCES_CPP_NAMESPACE::DOMDocument,XercesDeleter> DOMDocumentPtr;


XMLPlatformUtils::Initialize();

DOMImplementation* impl = DOMImplementationRegistry::getDOMImplementation(XMLString::transcode("LS"));

 // Create DOM with a CDATA section
DOMDocumentPtr document(impl->createDocument());

DOMElement* element = document->createElementNS(XMLString::transcode("http://schemas.openxmlformats.org/wordprocessingml/2006/main"), XMLString::transcode("w:t"));
document->appendChild(element);

DOMCDATASection* codesection = document->createCDATASection(XercesString(code));
element->appendChild("c = '';"); // 0x1B is not a valid XML 1.0 character

DOMWriterPtr writer(impl->createLSSerializer());

writer->writeToString(document.get())

  was:
// Create a Document with a CDATA section that contains an invalid XML character (e.g. 0x1b). 
// This should fail when serializing the Document, but it does not when XMLUni::fgDOMWRTSplitCdataSections is true.


struct XercesDeleter
{
        template<typename T>
        void operator()(T* data) const
        {
            if (data) { data->release(); };
        }
};    

typedef std::unique_ptr<XERCES_CPP_NAMESPACE::DOMLSSerializer,XercesDeleter>   DOMWriterPtr;
typedef std::unique_ptr<XERCES_CPP_NAMESPACE::DOMDocument,XercesDeleter> DOMDocumentPtr;


XMLPlatformUtils::Initialize();

DOMImplementation* impl = DOMImplementationRegistry::getDOMImplementation(XMLString::transcode("LS"));

 // Create DOM with a CDATA section
DOMDocumentPtr document(impl->createDocument());

DOMElement* element = document->createElementNS(XMLString::transcode("http://schemas.openxmlformats.org/wordprocessingml/2006/main"), XMLString::transcode("w:t"));
document->appendChild(element);

DOMCDATASection* codesection = document->createCDATASection(XercesString(code));
element->appendChild(codesection);

DOMWriterPtr writer(impl->createLSSerializer());

writer->writeToString(document.get())


> When XMLUni::fgDOMWRTSplitCdataSections is true (the default) invalid XML characters are allowed by DOMWriter
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: XERCESC-2239
>                 URL: https://issues.apache.org/jira/browse/XERCESC-2239
>             Project: Xerces-C++
>          Issue Type: Bug
>          Components: DOM
>    Affects Versions: 3.2.0
>            Reporter: David Leffingwell
>            Priority: Major
>
> // Create a Document with a CDATA section that contains an invalid XML character (e.g. 0x1b). 
> // This should fail when serializing the Document, but it does not when XMLUni::fgDOMWRTSplitCdataSections is true.
> struct XercesDeleter
> {
>         template<typename T>
>         void operator()(T* data) const
>         {
>             if (data) { data->release(); };
>         }
> };    
> typedef std::unique_ptr<XERCES_CPP_NAMESPACE::DOMLSSerializer,XercesDeleter>   DOMWriterPtr;
> typedef std::unique_ptr<XERCES_CPP_NAMESPACE::DOMDocument,XercesDeleter> DOMDocumentPtr;
> XMLPlatformUtils::Initialize();
> DOMImplementation* impl = DOMImplementationRegistry::getDOMImplementation(XMLString::transcode("LS"));
>  // Create DOM with a CDATA section
> DOMDocumentPtr document(impl->createDocument());
> DOMElement* element = document->createElementNS(XMLString::transcode("http://schemas.openxmlformats.org/wordprocessingml/2006/main"), XMLString::transcode("w:t"));
> document->appendChild(element);
> DOMCDATASection* codesection = document->createCDATASection(XercesString(code));
> element->appendChild("c = '';"); // 0x1B is not a valid XML 1.0 character
> DOMWriterPtr writer(impl->createLSSerializer());
> writer->writeToString(document.get())



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org