Opened 7 years ago

Closed 6 years ago

#6657 closed defect (worksforme)

XML special symbols in ticket content lead to invalid XML in response

Reported by: fazend Owned by: Odd Simon Simonsen
Priority: high Component: XmlRpcPlugin
Severity: major Keywords: XML
Cc: Trac Release: 0.11


When a ticket content has & (for example), than the ticket.get() call will return an XML, which is invalid.

I suppose we should parse such symbols and convert them to proper XML entities.

Attachments (0)

Change History (2)

comment:1 Changed 6 years ago by Odd Simon Simonsen

I have a feeling this happens on the client side, and your library don't encode the received data back as it should before passing using it in new xml. At the server-side we use xmlrpclib to do this, and it works like this:

>>> from xmlrpclib import dumps, loads
>>> dumps(('1 & 2',))
'<params>\n<param>\n<value><string>1 &amp; 2</string></value>\n</param>\n</params>\n'
>>> loads('<params>\n<param>\n<value><string>1 &amp; 2</string></value>\n</param>\n</params>\n')
(('1 & 2',), None)

So, before passing the content back you need to be sure it gets encoded by your client / library of choice. The server expects this to be encoded. I'm not sure what the error message on server is (haven't tested) but we could likely add a test for this just to see what happens :-)

comment:2 Changed 6 years ago by Odd Simon Simonsen

Resolution: worksforme
Status: newclosed

In [9262] I've added a functional test for this too, and I can see nothing wrong in the RPC implementation - or accessing it using Python xmlrpclib. This must be an issue with some other client library.

Modify Ticket

as closed The owner will remain Odd Simon Simonsen.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment

E-mail address and name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.