Home > mailing lists

XML with invalid chars - Mailing list pgsql-hackers

From	Andrew Dunstan
Subject	XML with invalid chars
Date	April 25, 2011 23:25:15
Msg-id	4DB602CE.7020009@dunslane.net Whole thread Raw
Responses	Re: XML with invalid chars (Noah Misch <noah@leadboat.com>) Re: XML with invalid chars (Peter Eisentraut <peter_e@gmx.net>)
List	pgsql-hackers

Tree view

I came across this today, while helping a customer. The following will 
happily create a piece of XML with an embedded ^A:
   select xmlelement(name foo, null, E'abc\x01def');

Now, a ^A is totally forbidden in XML version 1.0, and allowed but only 
as "" or equivalent in XML version 1.1, and not as a 0x01 byte 
(see <http://en.wikipedia.org/wiki/XML#Valid_characters>)

ISTM this is something we should definitely try to fix ASAP, even if we 
probably can't backpatch the fix.

(Interestingly, the software than runs my PostgreSQL blog, Serendipity, 
appears to have a similar bug, at least in the version Devrim is using, 
having cheerfully embedded a ^L in its RSS feed a few days ago, thus 
causing planet.postgresql.org to blow up.)

cheers

andrew

pgsql-hackers by date:

From: Robert Haas
Date: 25 April 2011, 23:24:30
Subject: Re: Improving the memory allocator

From: Andrew Dunstan
Date: 25 April 2011, 23:26:29
Subject: Re: Unfriendly handling of pg_hba SSL options with SSL off

XML with invalid chars - Mailing list pgsql-hackers

Previous

Next