GNOME Bugzilla – Bug 503275
Quotation marks and apostrophes not encoded properly by libxml2
Last modified: 2021-07-05 13:23:53 UTC
Please describe the problem:
Enter command: xmlstarlet esc "<&\"'>"
Expect results: <&"'>
Actual results: <&"'>

Steps to reproduce:
Enter command: xmlstarlet esc "<&\"'>"

Actual results:
Results: <&"'>

Expected results:
Expect: <&"'>

Does this happen every time?
yes

Other information:
The source file xml_escape.c in the xml_starlet path calls xmlEncodeEntitiesReentrant() in libxml2-2.6.23:entities.c. Here is the code snippet that is possibly broken:

    /*
     * By default one have to encode at least '<', '>', '"' and '&' !
     */
    if (*cur == '<') {
        *out++ = '&';
        *out++ = 'l';
        *out++ = 't';
        *out++ = ';';
    } else if (*cur == '>') {
        *out++ = '&';
        *out++ = 'g';
        *out++ = 't';
        *out++ = ';';
    } else if (*cur == '&') {
        *out++ = '&';
        *out++ = 'a';
        *out++ = 'm';
        *out++ = 'p';
        *out++ = ';';
    } else if (((*cur >= 0x20) && (*cur < 0x80)) ||
               (*cur == '\n') || (*cur == '\t') ||
               ((html) && (*cur == '\r'))) {
        /*
         * default case, just copy !
         */
        *out++ = *cur;
    }

The double quote and apostrophe are not singled out and are thus just copied to the output stream ...
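The difference matters when escaped output is placed inside a quoted attribute value, where an unescaped `"` or `'` ends the value early. The following is an added example, not part of the report and not libxml2 code: a stand-alone escaper whose name `xml_escape` and `quote_mode` flag are hypothetical, showing the text-only behaviour of the quoted snippet beside a variant that also encodes both quote characters.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example; xml_escape() and quote_mode are hypothetical names.
 * Bytes other than the five special characters are copied unchanged. */
enum quote_mode { TEXT_ONLY = 0, WITH_QUOTES = 1 };

/* Returns a malloc'd escaped copy of in, or NULL on failure. */
char *xml_escape(const char *in, enum quote_mode mode)
{
    size_t n = strlen(in);
    char *buf, *out;

    /* Worst case: every byte expands to 6 bytes ("&quot;" / "&apos;"). */
    if (n > (SIZE_MAX - 1) / 6 || (buf = malloc(n * 6 + 1)) == NULL)
        return NULL;
    out = buf;
    for (const char *cur = in; *cur != '\0'; cur++) {
        const char *rep = NULL;
        switch (*cur) {
        case '<':  rep = "&lt;";  break;
        case '>':  rep = "&gt;";  break;
        case '&':  rep = "&amp;"; break;
        /* The two branches the quoted snippet does not have. */
        case '"':  if (mode == WITH_QUOTES) rep = "&quot;"; break;
        case '\'': if (mode == WITH_QUOTES) rep = "&apos;"; break;
        default:   break;
        }
        if (rep != NULL) {
            size_t len = strlen(rep);
            memcpy(out, rep, len);
            out += len;
        } else {
            *out++ = *cur;
        }
    }
    *out = '\0';
    return buf;
}

int main(void)
{
    char *a = xml_escape("<&\"'>", TEXT_ONLY);   /* input from the report */
    char *b = xml_escape("<&\"'>", WITH_QUOTES);
    if (a == NULL || b == NULL) return 1;
    printf("text-only:   %s\nwith quotes: %s\n", a, b);
    free(a); free(b);
    return 0;
}
```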
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version, then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a new ticket at https://gitlab.gnome.org/GNOME/libxml2/-/issues/ Thank you for your understanding and your help.