Re: [xml] Universally replacing space with %20 before calling xmlParseURI - bad?

The space character is an unsafe character and must be encoded with “%20” [1]. So, URLs containing a space character are invalid URLs.



Claude Petit







> Date: Tue, 12 Dec 2017 10:41:40 +0000

> From: "Richard W.M. Jones" <rjones redhat com>

> To: Daniel Veillard <veillard redhat com>, xml gnome org

> Cc: ptoscano redhat com

> Subject: [xml] Universally replacing space with %20 before calling

>             xmlParseURI - bad?

> Message-ID: <20171212104140 GA31929 redhat com>

> Content-Type: text/plain; charset=utf-8

> As far as I can tell xmlParseURI always fails if the input URI contains a space in the path part of the URI.


> Virt-v2v uses URIs for all kinds of things including referencing remote virtual machines, eg:


>   ssh://root esxi example com/vmfs/volumes/datacenter/my guest/my guest.vmx


> Virtual machine names often contain spaces.  You have to tell people to replace spaces with ?%20?s, and that can be awkward in the sort of shell-scripting places where virt-v2v is often used, and it's a usability problem too.


> One suggestion is that we wrap all calls to xmlParseURI with a wrapper that simply replaces spaces with ?%20?s (without making any attempt to understand the URI, just blind replacement).


> Is this going to be a bad thing?


> Note that I don't care if it doesn't conform to some RFC.  I'm much more worried that we'll introduce a security bug by doing this or that there's some unanticipated pitfall.


> Rich.


> --

> Richard Jones, Virtualization Group, Red Hat Read my programming and virtualization blog: Fedora Windows cross-compiler. Compile Windows programs, test, and build Windows installers. Over 100 libraries supported.


AVG logo

This email has been checked for viruses by AVG antivirus software.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]