Re: BUG #16277: xmlelement allows invalid XML characters when XML version is set to 1.0

From: Andreas Lennartsson <andreas(at)apkudo(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: BUG #16277: xmlelement allows invalid XML characters when XML version is set to 1.0
Date: 2020-02-26 18:44:50
Message-ID: CAOWD6R-emW-Or8AHCqjFqse1U+aQm0smUdaxWhNgj_NymH544w@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Thanks for the feedback. I get your point about backwards compatibility.
Maybe update the documentation to make it clear what is going on?

On Tue, Feb 25, 2020 at 5:00 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Andreas Lennartsson <andreas(at)apkudo(dot)com> writes:
> >> On what grounds do you call it invalid?
>
> > Based on the valid control characters for XML 1.0
> > https://en.wikipedia.org/wiki/Valid_characters_in_XML
>
> Hm. According to that, C0 control characters *are* legal in XML 1.1,
> which would mean that to do this strictly correctly we'd have to
> understand the differences between different XML versions, which we
> don't --- and, as best I can tell in some quick testing, libxml2
> doesn't either. At least, it will happily take random values for the
> document version.
>
> xmlroot() just wraps the given XML text in a new outer <xml> declaration,
> without any regard for whether the new version number allows or disallows
> things that the possibly-implicit version would've allowed before. That
> seems of a piece with the generally cavalier treatment of the version
> in the rest of xml.c, though.
>
> TBH, it's unlikely that anyone is going to care about this enough
> to fix it, even if you could get consensus that making the code
> more strict was a good idea. (Backwards compatibility would argue
> against that, so I'm not sure such consensus would be easy to get.)
> But if you're sufficiently excited about it, you could try submitting
> a patch and see what happens.
>
> regards, tom lane
>

In response to

Browse pgsql-bugs by date

  From Date Subject
Next Message Michael Paquier 2020-02-27 02:31:20 Re: BUG #16276: Server crash on an invalid attempt to attach a partition to an index
Previous Message Sergei Kornilov 2020-02-26 17:11:26 Re: BUG #16279: Permissions doc incorrect for pg_buffercache