Opened 3 years ago

Closed 14 months ago

#20197 closed Cleanup/optimization (fixed)

XML serializer can output invalid characters

Reported by: ris Owned by: nobody
Component: Core (Serialization) Version: 1.3
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Specifically Form Feed (0x0c), which is not allowed in XML. At all.

The problem is that saxutils' XMLGenerator is not safe against these characters and the result is having dumpdata output that loaddata can't reimport.

But I'm not sure what should be done about this though, because from what I've read, FF isn't even allowed to be numerically referenced in XML. So - should FFs just be silently swallowed? That doesn't seem right to me. Dumps are supposed to be perfect representations of the data.

Is this just a good reason not to use XML as a dump format?

(Noticed in 1.3, but code is the same in 1.4)

Change History (4)

comment:1 Changed 3 years ago by claudep

  • Component changed from Core (Serialization) to Documentation
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted
  • Type changed from Uncategorized to Cleanup/optimization

comment:2 Changed 14 months ago by claudep

  • Has patch set

This PR fails loudly when a control character is contained inside to-be-serialized content. I think that's better than silently producing invalid XML.

comment:3 Changed 14 months ago by timgraham

  • Component changed from Documentation to Core (Serialization)
  • Triage Stage changed from Accepted to Ready for checkin

comment:4 Changed 14 months ago by Claude Paroz <claude@…>

  • Resolution set to fixed
  • Status changed from new to closed

In 9368f51e:

Fixed #20197 -- Made XML serializer fail loudly when outputting unserializable chars

Thanks Tim Graham for the review.

Note: See TracTickets for help on using tickets.
Back to Top