Affects Version/s: None
Fix Version/s: 2.7.1
This issue was found by Henry Zongaro.
If you try the following stylesheet, you'll see that the character x8C, which is not permitted in literal form in XML 1.1, is escaped when it appears in an element's character content, but it's not escaped when it is part of an attribute value.
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
<xsl:output method="xml" version="1.1"/>
When the serialized XML produced by this stylesheet is parsed by Xerces (depending perhaps on the version of Xerces) it goes into an infinite loop when it attempts to parse an attribute that contains an invalid character.