| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Florian Pflug <fgp(at)phlo(dot)org> |
| Cc: | PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: XMLATTRIBUTES vs. values of type XML |
| Date: | 2011-07-27 14:18:35 |
| Message-ID: | 1311776315.5492.8.camel@fsopti579.F-Secure.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On tis, 2011-07-26 at 22:44 +0200, Florian Pflug wrote:
> While reviewing the (now applied) XPATH escaping patches, Radoslaw
> found one
> case where the previous failure of XPATH to escape its return value
> was offset
> by XMLATTRIBUTES insistence to escape all input values, even if
> they're
> already of type XML.
>
> To wit, if you do
>
> SELECT XMLELEMENT(NAME "t", XMLATTRIBUTES('&'::XML AS "a"))
>
> you get
>
> xmlelement
> --------------------
> <t a="&amp;"/>
Per SQL standard, the attribute values may not be of type XML, so maybe
we should just prohibit it.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yeb Havinga | 2011-07-27 14:40:23 | Re: Pull up aggregate sublink (was: Parameterized aggregate subquery (was: Pull up aggregate subquery)) |
| Previous Message | Robert Haas | 2011-07-27 14:16:21 | Re: Pull up aggregate sublink (was: Parameterized aggregate subquery (was: Pull up aggregate subquery)) |