[Expat-bugs] [ expat-Bugs-1742315 ] Harmful XML_ParserCreateNS suggestion
SourceForge.net
noreply at sourceforge.net
Sun Jun 24 05:54:02 CEST 2007
Bugs item #1742315, was opened at 2007-06-24 05:54
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=1742315&group_id=10127
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Documentation
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Björn Höhrmann (hoehrmann)
Assigned to: Fred L. Drake, Jr. (fdrake)
Summary: Harmful XML_ParserCreateNS suggestion
Initial Comment:
The documentation for XML_ParserCreateNS says for the sep parameter "you should pick a character for sep that can't be part of a legal URI".
This is a very bad suggestion, for example, the test suite uses the space character and Google code search suggests other people are using among other things "|", "!", "#", "&", ":", "/", and tab.
It is true that legal URIs cannot contain some of these characters such as space and tab, but xmlns attributes certainly can and Expat does not filter them out. Poorly written name expansion code is so easily vulnerable to attack.
Instead, the documentation should strongly recommend against using any of these characters and recommend to use a character that cannot occur in XML_Char arrays. In particular, -1 and WCHAR_MAX cannot occur because UTF-8 prohibits 0xFF and XML prohibits U+FFFF. Another suggestion would be 0x01 if Expat will never support XML 1.1.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=1742315&group_id=10127
More information about the Expat-bugs
mailing list