On Thu, Mar 20, 2014 at 2:56 PM, Christophe Fergeau <cfergeau@xxxxxxxxxx> wrote: > On Mon, Mar 17, 2014 at 05:00:16PM +0100, Giuseppe Scrivano wrote: >> Christophe Fergeau <cfergeau@xxxxxxxxxx> writes: >> >> >> Solves this problem: >> >> >> >> $ osinfo-install-script rhel6.5 -c "admin-password=a&b" >> >> error : unterminated entity reference b >> > >> > >> > Shouldn't we be XML-escaping user-input instead ( >> > xmlEncodeEntitiesReentrant() ) ? >> >> the same would happen, for example, if the password is generated >> randomly. If you try enough times the same command without the >> '-c "admin-password=a&b"' part, you will hit the same problem at some >> point. I think it is safer to fix it at this level. > > My initial thought was to fix this when this string is set on the > OsinfoInstallScriptConfig object, but there is no special code handling this parameter > in osinfo-install-script nor in OsinfoInstallScriptConfig, just generic > code setting an entity param, so this patch is probably the only place > where we can solve this. > > However, I'm not familiar enough with the implications of using > this 'raw' node API to feel comfortable ACKing this :-/ Looking at the docs, it should be fine. Giuseppe, I assume you ensured `make check` doesn't break with this? _______________________________________________ Libosinfo mailing list Libosinfo@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libosinfo
