10:08 a.m.
The associated patch solves
https://bugzilla.redhat.com/show_bug.cgi?id=499791
where ' or " character in attribute values may lead to non
well-formed XML. This takes the simplest approach to always escape
then to ' and " since this is completely equivalent from
an XML point of view and avoid the trouble.
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
4:31 a.m.
On Tue, May 12, 2009 at 05:08:21PM +0200, Daniel Veillard wrote:
The associated patch solves
https://bugzilla.redhat.com/show_bug.cgi?id=499791
where ' or " character in attribute values may lead to non
well-formed XML. This takes the simplest approach to always escape
then to ' and " since this is completely equivalent from
an XML point of view and avoid the trouble.
ACK, this is simpler than the change I was suggesting :-)
Daniel
Index: src/buf.c
===================================================================
RCS file: /data/cvs/libxen/src/buf.c,v
retrieving revision 1.21
diff -u -u -r1.21 buf.c
--- src/buf.c 17 Nov 2008 11:03:25 -0000 1.21
+++ src/buf.c 12 May 2009 15:02:00 -0000
@@ -266,7 +266,7 @@
return;
len = strlen(str);
- if (VIR_ALLOC_N(escaped, 5 * len + 1) < 0) {
+ if (VIR_ALLOC_N(escaped, 6 * len + 1) < 0) {
virBufferNoMemory(buf);
return;
}
@@ -290,6 +290,20 @@
*out++ = 'm';
*out++ = 'p';
*out++ = ';';
+ } else if (*cur == '"') {
+ *out++ = '&';
+ *out++ = 'q';
+ *out++ = 'u';
+ *out++ = 'o';
+ *out++ = 't';
+ *out++ = ';';
+ } else if (*cur == '\'') {
+ *out++ = '&';
+ *out++ = 'a';
+ *out++ = 'p';
+ *out++ = 'o';
+ *out++ = 's';
+ *out++ = ';';
} else if ((*cur >= 0x20) || (*cur == '\n') || (*cur == '\t')
||
(*cur == '\r')) {
/*
--
Libvir-list mailing list
Libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
11:20 a.m.
On Wed, May 13, 2009 at 10:31:31AM +0100, Daniel P. Berrange wrote:
On Tue, May 12, 2009 at 05:08:21PM +0200, Daniel Veillard wrote:
> The associated patch solves
> https://bugzilla.redhat.com/show_bug.cgi?id=499791
> where ' or " character in attribute values may lead to non
> well-formed XML. This takes the simplest approach to always escape
> then to ' and " since this is completely equivalent from
> an XML point of view and avoid the trouble.
ACK, this is simpler than the change I was suggesting :-)
Thanks, commited !
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
5672
days inactive
5673
days old
2 comments
2 participants
participants (2)
-
Daniel P. Berrange -
Daniel Veillard