On Tue, May 12, 2009 at 05:08:21PM +0200, Daniel Veillard wrote: > The associated patch solves > https://bugzilla.redhat.com/show_bug.cgi?id=499791 > where ' or " character in attribute values may lead to non > well-formed XML. This takes the simplest approach to always escape > then to ' and " since this is completely equivalent from > an XML point of view and avoid the trouble. ACK, this is simpler than the change I was suggesting :-) Daniel > Index: src/buf.c > =================================================================== > RCS file: /data/cvs/libxen/src/buf.c,v > retrieving revision 1.21 > diff -u -u -r1.21 buf.c > --- src/buf.c 17 Nov 2008 11:03:25 -0000 1.21 > +++ src/buf.c 12 May 2009 15:02:00 -0000 > @@ -266,7 +266,7 @@ > return; > > len = strlen(str); > - if (VIR_ALLOC_N(escaped, 5 * len + 1) < 0) { > + if (VIR_ALLOC_N(escaped, 6 * len + 1) < 0) { > virBufferNoMemory(buf); > return; > } > @@ -290,6 +290,20 @@ > *out++ = 'm'; > *out++ = 'p'; > *out++ = ';'; > + } else if (*cur == '"') { > + *out++ = '&'; > + *out++ = 'q'; > + *out++ = 'u'; > + *out++ = 'o'; > + *out++ = 't'; > + *out++ = ';'; > + } else if (*cur == '\'') { > + *out++ = '&'; > + *out++ = 'a'; > + *out++ = 'p'; > + *out++ = 'o'; > + *out++ = 's'; > + *out++ = ';'; > } else if ((*cur >= 0x20) || (*cur == '\n') || (*cur == '\t') || > (*cur == '\r')) { > /* > -- > Libvir-list mailing list > Libvir-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/libvir-list -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list