Skip site navigation (1) Skip section navigation (2)

XML with invalid chars

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: XML with invalid chars
Date: 2011-04-25 23:25:02
Message-ID: 4DB602CE.7020009@dunslane.net (view raw or flat)
Thread:
Lists: pgsql-hackers
I came across this today, while helping a customer. The following will 
happily create a piece of XML with an embedded ^A:

    select xmlelement(name foo, null, E'abc\x01def');

Now, a ^A is totally forbidden in XML version 1.0, and allowed but only 
as "&#x01;" or equivalent in XML version 1.1, and not as a 0x01 byte 
(see <http://en.wikipedia.org/wiki/XML#Valid_characters>)

ISTM this is something we should definitely try to fix ASAP, even if we 
probably can't backpatch the fix.

(Interestingly, the software than runs my PostgreSQL blog, Serendipity, 
appears to have a similar bug, at least in the version Devrim is using, 
having cheerfully embedded a ^L in its RSS feed a few days ago, thus 
causing planet.postgresql.org to blow up.)

cheers

andrew

Responses

pgsql-hackers by date

Next:From: Andrew DunstanDate: 2011-04-25 23:26:22
Subject: Re: Unfriendly handling of pg_hba SSL options with SSL off
Previous:From: Robert HaasDate: 2011-04-25 23:24:20
Subject: Re: Improving the memory allocator

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group