Opened 3 years ago

Closed 16 months ago

#20197 closed Cleanup/optimization (fixed)

XML serializer can output invalid characters

Reported by: ris Owned by: nobody
Component: Core (Serialization) Version: 1.3
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Specifically Form Feed (0x0c), which is not allowed in XML. At all.

The problem is that saxutils' XMLGenerator is not safe against these characters and the result is having dumpdata output that loaddata can't reimport.

But I'm not sure what should be done about this though, because from what I've read, FF isn't even allowed to be numerically referenced in XML. So - should FFs just be silently swallowed? That doesn't seem right to me. Dumps are supposed to be perfect representations of the data.

Is this just a good reason not to use XML as a dump format?

(Noticed in 1.3, but code is the same in 1.4)

Change History (4)

comment:1 Changed 3 years ago by Claude Paroz

Component: Core (Serialization)Documentation
Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset
Triage Stage: UnreviewedAccepted
Type: UncategorizedCleanup/optimization

comment:2 Changed 16 months ago by Claude Paroz

Has patch: set

This PR fails loudly when a control character is contained inside to-be-serialized content. I think that's better than silently producing invalid XML.

comment:3 Changed 16 months ago by Tim Graham

Component: DocumentationCore (Serialization)
Triage Stage: AcceptedReady for checkin

comment:4 Changed 16 months ago by Claude Paroz <claude@…>

Resolution: fixed
Status: newclosed

In 9368f51e:

Fixed #20197 -- Made XML serializer fail loudly when outputting unserializable chars

Thanks Tim Graham for the review.

Note: See TracTickets for help on using tickets.
Back to Top