| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | XML with invalid chars |
| Date: | 2011-04-25 23:25:02 |
| Message-ID: | 4DB602CE.7020009@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
I came across this today, while helping a customer. The following will
happily create a piece of XML with an embedded ^A:
select xmlelement(name foo, null, E'abc\x01def');
Now, a ^A is totally forbidden in XML version 1.0, and allowed but only
as "" or equivalent in XML version 1.1, and not as a 0x01 byte
(see <http://en.wikipedia.org/wiki/XML#Valid_characters>)
ISTM this is something we should definitely try to fix ASAP, even if we
probably can't backpatch the fix.
(Interestingly, the software than runs my PostgreSQL blog, Serendipity,
appears to have a similar bug, at least in the version Devrim is using,
having cheerfully embedded a ^L in its RSS feed a few days ago, thus
causing planet.postgresql.org to blow up.)
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2011-04-25 23:26:22 | Re: Unfriendly handling of pg_hba SSL options with SSL off |
| Previous Message | Robert Haas | 2011-04-25 23:24:20 | Re: Improving the memory allocator |