On Sat, Oct 02, 2010 at 03:18:30PM +0100, Richard W.M. Jones wrote: > virBufferEscapeString(&buf, " <name>%s</name>\n", def->name); I see this example is safe because virBufferEscapeString escapes the parameter. Sure there are still problems with a domain called "," or "/" though. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones virt-df lists disk usage of guests without needing to install any software inside the virtual machine. Supports Linux and Windows. http://et.redhat.com/~rjones/virt-df/ -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list