xml encoding

mariuss - July 10, 2008 - 16:32

Project:	OpenSearch Plugin
Version:	6.x-1.x-dev
Component:	Code
Category:	bug report
Priority:	critical
Assigned:	Unassigned
Status:	closed

Jump to:

When the XML output is generated various of pieces of information are plugged into an XML template. Not of this data is encoded and this can break the generated XML.

For example, if your site slogan contains something like " ", this ends up in the description and then in the XML output as is, but the & needs to be encoded.

Couple of issues here. When using Drupal variables you may want to scrub all HTML tags. Second, all content plugged into XML needs to be encoded.

» Login or register to post comments

#1

mariuss - July 10, 2008 - 16:38

Here is the slogan example again: " "

Login or register to post comments

#2

mariuss - July 11, 2008 - 00:47

Attached a patch, against CVS version, branch of Drupal 5.

Attachment	Size
xmlescape.patch	1.08 KB

Login or register to post comments

#3

Rob Loach - July 11, 2008 - 18:28

Version:	5.x-1.1	» 6.x-1.x-dev
Status:	active	» fixed

Thanks a lot, mariuss! Committed to both Drupal 5 and 6 branches.....
http://drupal.org/cvs?commit=126873
http://drupal.org/cvs?commit=126872

Login or register to post comments

#4

Anonymous (not verified) - July 31, 2008 - 04:47

Status:

fixed

» closed

Automatically closed -- issue fixed for two weeks with no activity.

Login or register to post comments

Drupal is a registered trademark of Dries Buytaert.