Bug 339576 – Missing validation of QNames

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 339576 - Missing validation of QNames


Summary:	Missing validation of QNames


Status:	RESOLVED FIXED

Product:	libxslt
Classification:	Platform
Component:	general
Version:	1.1.15
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	---
Assigned To:	kbuchcik
QA Contact:	libxml QA maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2006-04-24 14:43 UTC by kbuchcik
Modified:	2006-05-11 14:04 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description kbuchcik 2006-04-24 14:43:37 UTC

Example: The QNames specified by "cdata-section-elements" are not checked for being valid QNames; in xsltParseStylesheetOutput() only xsltGetQNameURI() is called, which does not catch the following cases:
1) ":"
2) "foo:bar:boo"

Either we should enhance xsltGetQNameURI() to check for validity or we should validate the value before passing to xsltGetQNameURI().

"qnames.xsl"
------------
<?xml version='1.0'?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
	xmlns:foo="urn:test:foo">
  <xsl:output cdata-section-elements=": foo:bar:boo"/>
  <xsl:template match="/">
  	<foo/>
  </xsl:template>  
</xsl:stylesheet>

xsltproc qnames.xsl ..\test.xml
<?xml version="1.0"?>
<foo xmlns:foo="urn:test:foo"/>

Comment 1 kbuchcik 2006-05-11 14:04:11 UTC

Fixed in CVS, xslt.c, revision 1.127.
We are using now validating the QName beforehand with xmlValidateQName().