22 Aug
2008
22 Aug
'08
8:31 p.m.
On Fri, 2008-08-22 at 19:16 +0200, Jim Meyering wrote:
+ asprintf(&srcSpec, + "<source><host name='%.*s' port='%s'/></source>", + hostlen, host, port) :
Do the hostname and port string need to be quoted (and/or evoke warning/failure), in case they contain things like "'"?
The host string isn't quoted when creating XML in some similar code in cmdPoolCreateAs ... but that's not necessarily a good justification. Is there an existing routine to quote a string to make it suitable for an XML attribute value? (Something in libxml2, perhaps??) I'm not even sure of the correct syntax to quote a "'" in an attribute value, for example. Dave