[issue12129] Document Object Model API - validation

Pradeep report at bugs.python.org
Fri Dec 23 03:39:36 EST 2016


Pradeep added the comment:

xml minidom.py needs extra validation in setAttributes for certain special characters depending on the attribute name. Attribute values cannot have special characters like < and >, and can't be nested, as described in the example below:

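from xml.dom import minidom

doc = minidom.parseString('<root/>')  # assumed: any document with a root element
element01 = doc.createElement('element01')
element01.setAttribute('attribute', "script><![CDATA[alert('script!');]]></script>")
doc.firstChild.appendChild(element01)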

script shouldn't be allowed as a value for an attribute, and I feel it should throw an exception (Value Exception). As described above, < and > shouldn't be allowed, as attributes are more like key-value pairs. Could someone tell me if this is right? If it is, then minidom.py needs this extra level of validation for the same.

----------
nosy: +pdeep5693

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue12129>
_______________________________________
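
An added example, not part of the original comment or of CPython: it serializes the attribute value from the report with minidom, reparses the output, and shows that `<` and `>` are written as entities so the value round-trips as plain text. `set_attribute_strict` is a hypothetical helper, not a minidom API, sketching the up-front rejection the comment asks for.

```python
from xml.dom import minidom

PAYLOAD = "script><![CDATA[alert('script!');]]></script>"  # value from the report


def serialize_with_payload(value=PAYLOAD):
    """Build <root><element01 attribute=value/></root> and return its XML text."""
    doc = minidom.parseString("<root/>")
    element = doc.createElement("element01")
    element.setAttribute("attribute", value)
    doc.firstChild.appendChild(element)
    return doc.toxml()


def round_trip(value=PAYLOAD):
    """Reparse the serialized document; return (attribute value, element names)."""
    reparsed = minidom.parseString(serialize_with_payload(value))
    element = reparsed.getElementsByTagName("element01")[0]
    names = [node.tagName for node in reparsed.getElementsByTagName("*")]
    return element.getAttribute("attribute"), names


def set_attribute_strict(element, name, value):
    """Hypothetical helper (not part of minidom): reject '<' and '>' up front."""
    if "<" in value or ">" in value:
        raise ValueError("attribute value contains '<' or '>': %r" % value)
    element.setAttribute(name, value)


if __name__ == "__main__":
    print(serialize_with_payload())  # markup characters appear as &lt; and &gt;
    print(round_trip())              # original string back, no extra elements
```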

