On Tue, May 12, 2009 at 05:08:21PM +0200, Daniel Veillard wrote:
The associated patch solves https://bugzilla.redhat.com/show_bug.cgi?id=499791 where ' or " character in attribute values may lead to non well-formed XML. This takes the simplest approach to always escape then to ' and " since this is completely equivalent from an XML point of view and avoid the trouble.
ACK, this is simpler than the change I was suggesting :-) Daniel
Index: src/buf.c =================================================================== RCS file: /data/cvs/libxen/src/buf.c,v retrieving revision 1.21 diff -u -u -r1.21 buf.c --- src/buf.c 17 Nov 2008 11:03:25 -0000 1.21 +++ src/buf.c 12 May 2009 15:02:00 -0000 @@ -266,7 +266,7 @@ return;
len = strlen(str); - if (VIR_ALLOC_N(escaped, 5 * len + 1) < 0) { + if (VIR_ALLOC_N(escaped, 6 * len + 1) < 0) { virBufferNoMemory(buf); return; } @@ -290,6 +290,20 @@ *out++ = 'm'; *out++ = 'p'; *out++ = ';'; + } else if (*cur == '"') { + *out++ = '&'; + *out++ = 'q'; + *out++ = 'u'; + *out++ = 'o'; + *out++ = 't'; + *out++ = ';'; + } else if (*cur == '\'') { + *out++ = '&'; + *out++ = 'a'; + *out++ = 'p'; + *out++ = 'o'; + *out++ = 's'; + *out++ = ';'; } else if ((*cur >= 0x20) || (*cur == '\n') || (*cur == '\t') || (*cur == '\r')) { /*
-- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
-- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|