Modify

Opened 4 years ago

Closed 4 years ago

#6657 closed defect (worksforme)

XML special symbols in ticket content lead to invalid XML in response

Reported by: fazend Owned by: osimons
Priority: high Component: XmlRpcPlugin
Severity: major Keywords: XML
Cc: Trac Release: 0.11

Description

When a ticket content has & (for example), than the ticket.get() call will return an XML, which is invalid.

I suppose we should parse such symbols and convert them to proper XML entities.

Attachments (0)

Change History (2)

comment:1 Changed 4 years ago by osimons

I have a feeling this happens on the client side, and your library don't encode the received data back as it should before passing using it in new xml. At the server-side we use xmlrpclib to do this, and it works like this:

>>> from xmlrpclib import dumps, loads
>>> dumps(('1 & 2',))
'<params>\n<param>\n<value><string>1 &amp; 2</string></value>\n</param>\n</params>\n'
>>> loads('<params>\n<param>\n<value><string>1 &amp; 2</string></value>\n</param>\n</params>\n')
(('1 & 2',), None)

So, before passing the content back you need to be sure it gets encoded by your client / library of choice. The server expects this to be encoded. I'm not sure what the error message on server is (haven't tested) but we could likely add a test for this just to see what happens :-)

comment:2 Changed 4 years ago by osimons

  • Resolution set to worksforme
  • Status changed from new to closed

In [9262] I've added a functional test for this too, and I can see nothing wrong in the RPC implementation - or accessing it using Python xmlrpclib. This must be an issue with some other client library.

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from osimons. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.