Opened 7 years ago

Closed 5 years ago

#20197 closed Cleanup/optimization (fixed)

XML serializer can output invalid characters

Reported by: ris
Owned by: nobody
Component: Core (Serialization)
Version: 1.3
Severity: Normal
Keywords:
Cc:
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no


Specifically Form Feed (0x0c), which is not allowed in XML. At all.

The problem is that saxutils' XMLGenerator is not safe against these characters and the result is having dumpdata output that loaddata can't reimport.

But I'm not sure what should be done about this though, because from what I've read, FF isn't even allowed to be numerically referenced in XML. So - should FFs just be silently swallowed? That doesn't seem right to me. Dumps are supposed to be perfect representations of the data.

Is this just a good reason not to use XML as a dump format?

(Noticed in 1.3, but code is the same in 1.4)

Change History (4)

comment:1 Changed 7 years ago by Claude Paroz

Component: Core (Serialization) → Documentation
Triage Stage: Unreviewed → Accepted
Type: Uncategorized → Cleanup/optimization

comment:2 Changed 5 years ago by Claude Paroz

Has patch: set

This PR fails loudly when a control character is contained inside to-be-serialized content. I think that's better than silently producing invalid XML.

comment:3 Changed 5 years ago by Tim Graham

Component: Documentation → Core (Serialization)
Triage Stage: Accepted → Ready for checkin

comment:4 Changed 5 years ago by Claude Paroz <claude@…>

Resolution: fixed
Status: new → closed

In 9368f51e:

Fixed #20197 -- Made XML serializer fail loudly when outputting unserializable chars

Thanks Tim Graham for the review.
