Opened 11 years ago
Closed 9 years ago
#20197 closed Cleanup/optimization (fixed)
XML serializer can output invalid characters
| Reported by: | ris | Owned by: | nobody |
|---|---|---|---|
| Component: | Core (Serialization) | Version: | 1.3 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Specifically Form Feed (0x0c), which is not allowed in XML. At all.
The problem is that saxutils' XMLGenerator is not safe against these characters and the result is having dumpdata output that loaddata can't reimport.
But I'm not sure what should be done about this though, because from what I've read, FF isn't even allowed to be numerically referenced in XML. So - should FFs just be silently swallowed? That doesn't seem right to me. Dumps are supposed to be perfect representations of the data.
Is this just a good reason not to use XML as a dump format?
(Noticed in 1.3, but code is the same in 1.4)
Change History (4)
comment:1 by , 11 years ago
| Component: | Core (Serialization) → Documentation |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
| Type: | Uncategorized → Cleanup/optimization |
comment:2 by , 9 years ago
| Has patch: | set |
|---|
This PR fails loudly when a control character is contained inside to-be-serialized content. I think that's better than silently producing invalid XML.
comment:3 by , 9 years ago
| Component: | Documentation → Core (Serialization) |
|---|---|
| Triage Stage: | Accepted → Ready for checkin |
Read also: http://www.w3.org/International/questions/qa-controls
I'd suggest to document that limitation in https://docs.djangoproject.com/en/dev/topics/serialization/#xml, and possibly https://docs.djangoproject.com/en/dev/ref/django-admin/#django-admin-dumpdata