Home > mailing lists

Re: XML element with special characters can be created, serialized, but not deserialized - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: XML element with special characters can be created, serialized, but not deserialized
Date	May 16, 2023 18:21:00
Msg-id	2650678.1684250460@sss.pgh.pa.us Whole thread Raw
In response to	XML element with special characters can be created, serialized, but not deserialized (Sergiu Ignat <sergiu@bitsoftware.ro>)
List	pgsql-bugs

Tree view

Sergiu Ignat <sergiu@bitsoftware.ro> writes:
> I am using PostgreSQL 13.8 and I think that I found an issue with XML
> serialization and deserialization.

Hmm.  The root cause here seems to be that escape_xml() thinks it
doesn't need to escape ASCII control characters, other than CR (\r).
Which is a bit backwards, because after some googling I conclude that
XML 1.1 requires all C0 and C1 control characters to be represented as
numeric escapes *except* CR, LF, and TAB [1].

What we probably ought to do is escape all except LF and TAB.
However, I'm a bit hesitant to back-patch such a behavioral change.
Maybe change this in HEAD (v16) only?

            regards, tom lane

[1] https://www.w3.org/International/questions/qa-controls

pgsql-bugs by date:

From: Tom Lane
Date: 16 May 2023, 17:23:03
Subject: Re: BUG #17935: Incorrect memory access in fuzzystrmatch/difference()

From: Tom Lane
Date: 16 May 2023, 22:23:34
Subject: Re: Clause accidentally pushed down ( Possible bug in Making Vars outer-join aware)

Re: XML element with special characters can be created, serialized, but not deserialized - Mailing list pgsql-bugs

Previous

Next