Uploaded image for project: 'XalanJ2'
  1. XalanJ2
  2. XALANJ-2271

XML 1.1 Serialization, char in attribute value not escaped

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.7.1
    • Component/s: None
    • Labels:
      None
    • Xalan info:
      PatchAvailable

      Description

      This issue was found by Henry Zongaro.

      If you try the following stylesheet, you'll see that the character x8C, which is not permitted in literal form in XML 1.1, is escaped when it appears in an element's character content, but it's not escaped when it is part of an attribute value.

      <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
      <xsl:output method="xml" version="1.1"/>
      <xsl:template match="/">
      <out att="Œ">Œ</out>
      </xsl:template>
      </xsl:stylesheet>

      When the serialized XML produced by this stylesheet is parsed by Xerces (depending perhaps on the version of Xerces) it goes into an infinite loop when it attempts to parse an attribute that contains an invalid character.

        Attachments

        1. character.expansion.patch3.txt
          41 kB
          Brian Minchau
        2. character.expansion.patch1.txt
          37 kB
          Brian Minchau

        Issue Links

          Activity

            People

            • Assignee:
              minchau@ca.ibm.com Brian Minchau
              Reporter:
              minchau@ca.ibm.com Brian Minchau
              Reviewer:
              Henry Zongaro

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment