[issue10066] xmlrpclib does not handle some non-printable characters properly
Peter Gyorko
report at bugs.python.org
Wed Oct 13 16:16:55 CEST 2010
Peter Gyorko <gyorkop at balabit.hu> added the comment:
The shortest code which can trigger this error is the following:
>>> import xmlrpclib
>>> print xmlrpclib.dumps(('\x01',))
<params>
<param>
<value><string></string></value>
</param>
</params>
As you can see, the escape method does not care about non-printable characters which can cause parsing error in the other side.
My previous patch used \x to tell to the other side that the value contains some binary garbage. It you want to reject these binary bytes (which was not acceptable in my case), use this patch:
--- a/xmlrpclib.py 2010-10-13 14:45:02.000000000 +0200
+++ b/xmlrpclib.py 2010-10-13 16:03:14.000000000 +0200
@@ -165,6 +165,9 @@
return data
def escape(s, replace=string.replace):
+ if (None != re.search('[\x00-\x08\x0b-\x0c\x0e-\x1f\x7f-\xff]', s)):
+ raise Fault(INVALID_ENCODING_CHAR, 'Non-printable character in string')
+
s = replace(s, "&", "&")
s = replace(s, "<", "<")
return replace(s, ">", ">",)
An other idea: we may use CDATA (http://www.w3schools.com/xml/xml_cdata.asp) to transfer binary values...
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue10066>
_______________________________________
More information about the Python-bugs-list
mailing list