[libvirt] [PATCH] avoid XML attributes escaping problems
Daniel P. Berrange
berrange at redhat.com
Wed May 13 09:31:31 UTC 2009
On Tue, May 12, 2009 at 05:08:21PM +0200, Daniel Veillard wrote:
> The associated patch solves
> https://bugzilla.redhat.com/show_bug.cgi?id=499791
> where ' or " character in attribute values may lead to non
> well-formed XML. This takes the simplest approach to always escape
> them to &apos; and &quot; since this is completely equivalent from
> an XML point of view and avoids the trouble.
ACK, this is simpler than the change I was suggesting :-)
Daniel
> Index: src/buf.c
> ===================================================================
> RCS file: /data/cvs/libxen/src/buf.c,v
> retrieving revision 1.21
> diff -u -u -r1.21 buf.c
> --- src/buf.c 17 Nov 2008 11:03:25 -0000 1.21
> +++ src/buf.c 12 May 2009 15:02:00 -0000
> @@ -266,7 +266,7 @@
> return;
>
> len = strlen(str);
> - if (VIR_ALLOC_N(escaped, 5 * len + 1) < 0) {
> + if (VIR_ALLOC_N(escaped, 6 * len + 1) < 0) {
> virBufferNoMemory(buf);
> return;
> }
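Review bot: the multiplier in `6 * len + 1` is an unexplained magic number that has to match the longest replacement written by the branches in the next hunk (`&quot;` and `&apos;`, six bytes each). A short comment here, or a named constant for the maximum expansion per input character, would keep the allocation and the escape table from drifting apart the next time an entity is added. The type of `len` is not visible in this hunk, so it is also worth confirming that the multiplication cannot wrap for a very long `str` before it reaches `VIR_ALLOC_N`.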
> @@ -290,6 +290,20 @@
> *out++ = 'm';
> *out++ = 'p';
> *out++ = ';';
> + } else if (*cur == '"') {
> + *out++ = '&';
> + *out++ = 'q';
> + *out++ = 'u';
> + *out++ = 'o';
> + *out++ = 't';
> + *out++ = ';';
> + } else if (*cur == '\'') {
> + *out++ = '&';
> + *out++ = 'a';
> + *out++ = 'p';
> + *out++ = 'o';
> + *out++ = 's';
> + *out++ = ';';
> } else if ((*cur >= 0x20) || (*cur == '\n') || (*cur == '\t') ||
> (*cur == '\r')) {
> /*
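Review bot: the new `"` and `'` branches arrive without a test, since the patch as posted touches only src/buf.c. A case that escapes a string containing both quote characters and checks for `&quot;` and `&apos;` in the result would pin the behaviour that the bug report depends on. As a style point, each branch spells the entity out with six separate `*out++` stores, matching the existing `&amp;` code; copying from a string literal and advancing `out` by its length would make the six-byte cost that the allocation in the first hunk relies on easier to see.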
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|