Re: [PATCH] osinfo-install-script: read config values as strings

On Mon, Mar 17, 2014 at 05:00:16PM +0100, Giuseppe Scrivano wrote:
> Christophe Fergeau <cfergeau@xxxxxxxxxx> writes:
> 
> >> Solves this problem:
> >> 
> >> $ osinfo-install-script rhel6.5 -c "admin-password=a&b"
> >> error : unterminated entity reference               b
> >
> >
> > Shouldn't we be XML-escaping user-input instead (
> > xmlEncodeEntitiesReentrant() ) ?
> 
> the same would happen, for example, if the password is generated
> randomly.  If you try enough times the same command without the
> '-c "admin-password=a&b"' part, you will hit the same problem at some
> point.  I think it is safer to fix it at this level.

My initial thought was to fix this when this string is set on the
OsinfoInstallScriptConfig object, but there is no special code handling this parameter
in osinfo-install-script nor in OsinfoInstallScriptConfig, just generic
code setting an entity param, so this patch is probably the only place
where we can solve this.

However, I'm not familiar enough with the implications of using
this 'raw' node API to feel comfortable ACKing this :-/

Christophe


_______________________________________________
Libosinfo mailing list
Libosinfo@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libosinfo
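
The failure discussed in this thread, reproduced with Python's standard library instead of libxml2 (an added example, not code from the patch or from libosinfo; the `config`/`param` element names and the password alphabet are assumptions). A value spliced in as markup fails to parse, while escaping it or storing it as a text node round-trips, including for randomly generated passwords.

```python
import random
import string
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Hypothetical document shape; the real libosinfo config XML is not shown in the thread.
TEMPLATE = "<config><param name='admin-password'>%s</param></config>"

def build_raw(value):
    """Splice the value in as markup: '&' and '<' are interpreted by the parser."""
    return TEMPLATE % value

def build_escaped(value):
    """Escape '&', '<' and '>' before splicing (the XML-escaping suggestion)."""
    return TEMPLATE % escape(value)

def build_text_node(value):
    """Store the value as a string on the node; the serializer escapes it."""
    root = ET.Element("config")
    ET.SubElement(root, "param", name="admin-password").text = value
    return ET.tostring(root, encoding="unicode")

def read_back(xml_text):
    """Return the password the consumer would see, or None on a parse error."""
    try:
        return ET.fromstring(xml_text).find("param").text
    except ET.ParseError:
        return None

def sample_passwords(n, seed=0):
    """Constructed sample: random 12-character passwords that may contain '&' or '<'."""
    rng = random.Random(seed)
    alphabet = string.ascii_letters + string.digits + "&<>!#%"
    return ["".join(rng.choice(alphabet) for _ in range(12)) for _ in range(n)]

def count_failures(builder, passwords):
    """Number of passwords that do not survive build + parse unchanged."""
    return sum(1 for p in passwords if read_back(builder(p)) != p)

if __name__ == "__main__":
    print("a&b raw      ->", read_back(build_raw("a&b")))
    print("a&b escaped  ->", read_back(build_escaped("a&b")))
    print("a&b textnode ->", read_back(build_text_node("a&b")))
    pw = sample_passwords(200)
    for name, builder in [("raw", build_raw), ("escaped", build_escaped),
                          ("text node", build_text_node)]:
        print("%-9s failures: %d / %d" % (name, count_failures(builder, pw), len(pw)))
```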
