Skip Menu |
 

This queue is for tickets about the XML-Generator CPAN distribution.

Report information
The Basics
Id: 27148
Status: resolved
Priority: 0/
Queue: XML-Generator

People
Owner: BHOLZMAN [...] cpan.org
Requestors: estrai [...] estrai.com
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 0.99
Fixed in: (no value)



Subject: Not allowed entities
Download (untitled) / with headers
text/plain 918b
XML output is not parsed correctly when some not allowed entities are used, for example "&something;" To reproduce this problem try: perl -MXML::Generator -le 'my $xg=XML::Generator->new(escape=>always); print $xg->foo({bar=>"foo foo &bar; foo foo"}, "boo moo foo");' <foo bar="foo foo &bar; foo foo">boo moo foo</foo> perl -MXML::Simple -le 'XMLin( q{<foo bar="foo foo &bar; foo foo">boo moo foo</foo>} )' undefined entity at line 1, column 0, byte 0 at /opt/perl-5.8.6/lib/site_perl/5.8.6/i686-linux-thread-multi/XML/Parser.pm line 187 It occures in body part (<foo>&bar;</foo>) as well It not includes entities like &#xxx; My sugestion to fix this problem: my %ENTITIES = ( # Entities allowed quot => 1, apos => 1, lt => 1, gt => 1, amp => 1, ); $_[0] =~ s/&(.+?);/ $ENTITIES{$1} && "#" ne substr($1, 0, 1) ? "&$1;" : "&amp;$1;"/ge;
Subject: Re: [rt.cpan.org #27148] Not allowed entities
Date: Wed, 16 May 2007 08:28:53 -0400
To: bug-XML-Generator [...] rt.cpan.org
From: Benjamin Holzman <bholzman [...] earthlink.net>
Download (untitled) / with headers
text/plain 1.8k
Daniel Lukasiak via RT wrote: Show quoted text
> Wed May 16 05:29:41 2007: Request 27148 was acted upon. > Transaction: Ticket created by estrai > Queue: XML-Generator > Subject: Not allowed entities > Broken in: 0.99 > Severity: Important > Owner: Nobody > Requestors: estrai@estrai.com > Status: new > Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=27148 > > > > XML output is not parsed correctly when some not allowed entities are > used, for example "&something;" > > To reproduce this problem try: > perl -MXML::Generator -le 'my $xg=XML::Generator->new(escape=>always); > print $xg->foo({bar=>"foo foo &bar; foo foo"}, "boo moo foo");' > <foo bar="foo foo &bar; foo foo">boo moo foo</foo> > > perl -MXML::Simple -le 'XMLin( q{<foo bar="foo foo &bar; foo foo">boo > moo foo</foo>} )' > > undefined entity at line 1, column 0, byte 0 at > /opt/perl-5.8.6/lib/site_perl/5.8.6/i686-linux-thread-multi/XML/Parser.pm > line 187 > > It occures in body part (<foo>&bar;</foo>) as well > > It not includes entities like &#xxx; > > My sugestion to fix this problem: > > my %ENTITIES = ( # Entities allowed > quot => 1, > apos => 1, > lt => 1, > gt => 1, > amp => 1, > ); > > > $_[0] =~ s/&(.+?);/ $ENTITIES{$1} && "#" ne substr($1, 0, 1) > ? "&$1;" > : "&amp;$1;"/ge; > > > >
Daniel, It's actually a feature, though I can see how it might cause problems for you. Because XML::Generator generates independent snippets of XML that can be glued together later, it doesn't know which additional entities may be defined in an external or internal DTD. Automatically escaping unrecognized entities would then make it impossible to generate them unless I added an argument to the constructor to allow additional entities not to escape to be specified. I will consider that. Thanks, Ben
From: estrai [...] estrai.com
Download (untitled) / with headers
text/plain 765b
On Wed May 16 08:29:25 2007, bholzman@earthlink.net wrote: Show quoted text
> Daniel, > > It's actually a feature, though I can see how it might cause problems > for you. Because XML::Generator generates independent snippets of XML > that can be glued together later, it doesn't know which additional > entities may be defined in an external or internal DTD. Automatically > escaping unrecognized entities would then make it impossible to generate > them unless I added an argument to the constructor to allow additional > entities not to escape to be specified. I will consider that.
Yes, you're absolutely right Ben. I forgot about the different DTDs. Actually I easly extended XML::Generator for my needs, but such solution you writing about is much better. Thanks.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.