Posted to dev@santuario.apache.org by Rafael <ra...@avaintec.com> on 2007/12/03 13:38:45 UTC
Cannot reproduce #41462 (canonicalization issue with non-ascii chars)
Hi,
Our software is using xmlsec-1.4.1. However, we are very interested in
reproducing that canonicalization issue that showed up in 1.4.0 by replacing
1.4.1 with 1.4.0 in our software and testing.
After a quick look into the bug description and the CanonicalizerBase.java file,
we expected the issue to manifest when signing a piece of XML data that
contains a CDATA section with Scandinavian characters. For instance:
<script>
<![CDATA[
function matchwo(a,b)
{
if (a < b && a < 0) then
{
//öäå
return 1
}
else
{
//ÖÄÅ
return 0
}
}
]]>
</script>
In our tests, we send such an XML block to a servlet which will try to sign it.
But we are unable to find any problems, i.e., the signatures created with both
1.4.1 and 1.4.0 are the same.
Could anyone give us some indication?
Regards,
Rafael
Re: Cannot reproduce #41462 (canonicalization issue with non-ascii chars)
Posted by Sean Mullan <Se...@Sun.COM>.
Rafael wrote:
> Hi,
>
> Our software is using xmlsec-1.4.1. However, we are very interested in
> reproducing that canonicalization issue that showed up in 1.4.0 by replacing
> 1.4.1 with 1.4.0 in our software and testing.
> After a quick look into the bug description and the CanonicalizerBase.java file,
> we expected the issue to manifest when signing a piece of XML data that
> contains a CDATA section with Scandinavian characters. For instance:
>
> <script>
> <![CDATA[
> function matchwo(a,b)
> {
> if (a < b && a < 0) then
> {
> //öäå
> return 1
> }
> else
> {
> //ÖÄÅ
> return 0
> }
> }
> ]]>
> </script>
>
> In our tests, we send such an XML block to a servlet which will try to sign it.
> But we are unable to find any problems, i.e., the signatures created with both
> 1.4.1 and 1.4.0 are the same.
>
> Could anyone give us some indication?
I was not involved in fixing this bug, but I suggest you have a look at
the unit test that was written and this may give you a better idea how
to reproduce it:
src_unitTests/org/apache/xml/security/c14n/implementations/UtfHelperTest.java
--Sean