Skip site navigation (1) Skip section navigation (2)

Re: XMLATTRIBUTES vs. values of type XML

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Florian Pflug <fgp(at)phlo(dot)org>
Cc: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: XMLATTRIBUTES vs. values of type XML
Date: 2011-07-27 14:18:35
Message-ID: 1311776315.5492.8.camel@fsopti579.F-Secure.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On tis, 2011-07-26 at 22:44 +0200, Florian Pflug wrote:
> While reviewing the (now applied) XPATH escaping patches, Radoslaw
> found one
> case where the previous failure of XPATH to escape its return value
> was offset
> by XMLATTRIBUTES insistence to escape all input values, even if
> they're
> already of type XML.
> 
> To wit, if you do
> 
>   SELECT XMLELEMENT(NAME "t", XMLATTRIBUTES('&amp;'::XML AS "a"))
> 
> you get
> 
>      xmlelement     
> --------------------
>  <t a="&amp;amp;"/> 

Per SQL standard, the attribute values may not be of type XML, so maybe
we should just prohibit it.


In response to

Responses

pgsql-hackers by date

Next:From: Yeb HavingaDate: 2011-07-27 14:40:23
Subject: Re: Pull up aggregate sublink (was: Parameterized aggregate subquery (was: Pull up aggregate subquery))
Previous:From: Robert HaasDate: 2011-07-27 14:16:21
Subject: Re: Pull up aggregate sublink (was: Parameterized aggregate subquery (was: Pull up aggregate subquery))

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group