Message 136402 - Python tracker

Message136402

Author	Kyle.Keating
Recipients	Kyle.Keating
Date	2011-05-20.22:02:10
SpamBayes Score	9.593722e-05
Marked as misclassified	No
Message-id	<1305928931.2.0.716148568641.issue12129@psf.upfronthosting.co.za>
In-reply-to

Content
I was doing some tests on using this library and I noticed xml elements and attribute names could be created with mal-formed xml because special characters which can break validation are not cleaned or converted from their literal forms. Only the attribute values are cleaned, but not the names. For example import xml.dom ... doc.createElement("p></p>") ... will just embed a pair of p tags in the xml result. I thought that the xml spec did not permit <, >, &, \n etc. in the element name or attribute name? Could I get some clarification on this, thanks!

Content

I was doing some tests on using this library and I noticed xml elements and attribute names could be created with mal-formed xml because special characters which can break validation are not cleaned or converted from their literal forms. Only the attribute values are cleaned, but not the names.

For example

import xml.dom

...
doc.createElement("p></p>") 
...

will just embed a pair of p tags in the xml result. I thought that the xml spec did not permit <, >, &, \n etc. in the element name or attribute name? Could I get some clarification on this, thanks!

History
Date	User	Action	Args
2011-05-20 22:02:11	Kyle.Keating	set	recipients: + Kyle.Keating
2011-05-20 22:02:11	Kyle.Keating	set	messageid: <1305928931.2.0.716148568641.issue12129@psf.upfronthosting.co.za>
2011-05-20 22:02:10	Kyle.Keating	link	issue12129 messages
2011-05-20 22:02:10	Kyle.Keating	create