[libvirt] [PATCH] avoid XML attributes escaping problems
Daniel Veillard
veillard at redhat.com
Tue May 12 15:08:21 UTC 2009
The associated patch solves
https://bugzilla.redhat.com/show_bug.cgi?id=499791
where ' or " character in attribute values may lead to non
well-formed XML. This takes the simplest approach to always escape
then to ' and " since this is completely equivalent from
an XML point of view and avoid the trouble.
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
-------------- next part --------------
Index: src/buf.c
===================================================================
RCS file: /data/cvs/libxen/src/buf.c,v
retrieving revision 1.21
diff -u -u -r1.21 buf.c
--- src/buf.c 17 Nov 2008 11:03:25 -0000 1.21
+++ src/buf.c 12 May 2009 15:02:00 -0000
@@ -266,7 +266,7 @@
return;
len = strlen(str);
- if (VIR_ALLOC_N(escaped, 5 * len + 1) < 0) {
+ if (VIR_ALLOC_N(escaped, 6 * len + 1) < 0) {
virBufferNoMemory(buf);
return;
}
@@ -290,6 +290,20 @@
*out++ = 'm';
*out++ = 'p';
*out++ = ';';
+ } else if (*cur == '"') {
+ *out++ = '&';
+ *out++ = 'q';
+ *out++ = 'u';
+ *out++ = 'o';
+ *out++ = 't';
+ *out++ = ';';
+ } else if (*cur == '\'') {
+ *out++ = '&';
+ *out++ = 'a';
+ *out++ = 'p';
+ *out++ = 'o';
+ *out++ = 's';
+ *out++ = ';';
} else if ((*cur >= 0x20) || (*cur == '\n') || (*cur == '\t') ||
(*cur == '\r')) {
/*
More information about the libvir-list
mailing list