GNOME Bugzilla – Bug 730169
libxslt URI encoding issues
Last modified: 2021-07-05 10:59:17 UTC
There are two problems with the str:encode-uri() function and one possible issue with the xf:escape-uri() function.

EXSLT spec for str:encode-uri(): http://www.exslt.org/str/functions/encode-uri/str.encode-uri.html

1. str:encode-uri() should escape the @ character if the boolean argument (escape reserved) is set to true, but it never does. Compare it to the behavior of the xf:escape-uri() function, which does handle this correctly:

    str:encode-uri( "@", false() ) = @
    str:encode-uri( "@", true() ) = @
    xf:escape-uri( "@", false() ) = @
    xf:escape-uri( "@", true() ) = %40

2. str:encode-uri() should not escape the % character if it is followed by 2 hexadecimal digits, but it always does. Again, compare it to the behavior of the xf:escape-uri() function, which handles it right:

    str:encode-uri( "%example%1A", false() ) = %25example%251A
    str:encode-uri( "%example%1A", true() ) = %25example%251A
    xf:escape-uri( "%example%1A", false() ) = %25example%1A
    xf:escape-uri( "%example%1A", true() ) = %25example%1A

The third issue is that I wanted to verify that the code for xf:escape-uri() wouldn't accidentally read beyond the end of the string when handling the % escaping behavior? Please take a look at the xmlXPathEscapeUriFunction function in libxml2/xpath.c, in particular these lines:

    (*cptr == '%' &&
     ((cptr[1] >= 'A' && cptr[1] <= 'F') ||
      (cptr[1] >= 'a' && cptr[1] <= 'f') ||
      (cptr[1] >= '0' && cptr[1] <= '9')) &&
     ((cptr[2] >= 'A' && cptr[2] <= 'F') ||
      (cptr[2] >= 'a' && cptr[2] <= 'f') ||
      (cptr[2] >= '0' && cptr[2] <= '9'))) ||

Thanks,
Satya
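The escaping rules and the look-ahead question raised in the report above, as an added example that is not part of the original report and is not libxslt or libxml2 code: a C encoder that escapes @ only when reserved characters are to be escaped, leaves an existing %HH untouched, and shows why the %HH look-ahead stays inside a NUL-terminated string. The names encode_uri, is_pct_escape, is_unreserved and in_set are hypothetical, and the character sets are assumed to be the RFC 2396 unreserved and reserved sets.

```c
#include <string.h>

/* ASCII hex digit test, same ranges as the condition quoted in the report. */
static int is_hex(char c) {
    return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'F') ||
           (c >= 'a' && c <= 'f');
}
/* True if p points at "%HH". On a NUL-terminated string this never reads past
 * the terminator: p[1] is read only when p[0] is '%', and p[2] only when p[1]
 * is a hex digit, which means p[1] is not the terminator. */
static int is_pct_escape(const char *p) {
    return p[0] == '%' && is_hex(p[1]) && is_hex(p[2]);
}
/* Assumption: character sets are the RFC 2396 unreserved and reserved sets. */
static int in_set(const char *set, unsigned char c) {
    return c != '\0' && strchr(set, c) != NULL;
}
static int is_unreserved(unsigned char c) {
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || in_set("-_.!~*'()", c);
}

/* Hypothetical encoder. Returns 0, or -1 if out (outsz bytes) is too small. */
int encode_uri(const char *in, int escape_reserved, char *out, size_t outsz) {
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    for (const char *p = in; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;
        int esc = is_pct_escape(p);
        int keep = is_unreserved(c) ||
                   (!escape_reserved && in_set(";/?:@&=+$,", c));
        size_t need = (esc || !keep) ? 3 : 1;
        if (outsz < need + 1 || o > outsz - need - 1) return -1;
        if (esc) {                 /* existing %HH: copy unchanged */
            memcpy(out + o, p, 3);
            p += 2;
        } else if (keep) {
            out[o] = (char)c;
        } else {                   /* everything else, including a bare '%' */
            out[o] = '%';
            out[o + 1] = hex[c >> 4];
            out[o + 2] = hex[c & 0x0F];
        }
        o += need;
    }
    if (o >= outsz) return -1;
    out[o] = '\0';
    return 0;
}
```

The look-ahead argument holds only for NUL-terminated input; a variant that takes a pointer and a length would have to compare the remaining length before reading p[1] and p[2].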
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version, then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a new ticket at https://gitlab.gnome.org/GNOME/libxslt/-/issues/ Thank you for your understanding and your help.