Uploaded image for project: 'Log4net'
  1. Log4net
  2. LOG4NET-22

XmlLayout allows output of invalid control characters

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.2.9
    • Fix Version/s: 1.2.10
    • Component/s: Appenders
    • Labels:
      None

      Description

      XmlLayout allows output of invalid control characters.

      Reported by Mike Blake-Knox with additional comments from Curt Arnold.

      The XmlLayout encodes the character 0x1e as  using the standard XML numeric character reference.

      This character code is in a range which is not allowed to appear in XML 1.0 either as a un-encoded value or as a numeric character reference.

      The valid character ranges are defined here in the XML recommendation:
      http://www.w3.org/TR/REC-xml/#charsets

      They are:

      #x9 | #xA | #xD | x20-#xD7FF | xE000-#xFFFD | x10000-#x10FFFF

      Numeric character references are not able to express characters from outside these ranges.

      The System.Xml.XmlTextWriter does not verify if the unicode character is valid in XML, but it does encode it as a numeric character reference if it cannot be expressed in the output encoding.

      To complicate matters further XML 1.1 does allow further, so called restricted characters, to be included in the output if they are encoded as numeric character references. These ranges are:

      x1-#x8 | xB-#xC | xE-#x1F | x7F-#x84 | x86-#x9F

      See http://www.w3.org/TR/2004/REC-xml11-20040204/#charsets for details.

        Attachments

          Activity

            People

            • Assignee:
              niall Niall Daley
              Reporter:
              nicko Nicko Cadell
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: