Re: [xml] [PATCH] Check hex or decimal entity for overflow



On Tue, Jan 23, 2018 at 09:51:38PM -0800, Jay Civelli wrote:
On Tue, Jan 23, 2018 at 8:21 PM, Daniel Veillard <veillard redhat com> wrote:

On Mon, Jan 22, 2018 at 04:37:17PM +0100, Nick Wellnhofer wrote:
On 09/01/2018 00:55, Joel Hockey wrote:
Updated patch with XML_ERR_INVALID_CHAR.

Should be fixed with


https://git.gnome.org/browse/libxml2/commit/?id=60dded12cbf1705927803c5ed615a7a0132aebbd

As noted previously, this only affects "recovery" mode. The commit addresses

  And I repeatedly asked people to *not* use recover mode of the XML parser
which is not conformant to the XML spec, unless this is upon an explicit
recovery operation, not a default process. I *really* hope that chrome or
chromium is *not* using the recovery mode by default for XML parsing
in the browser. I guarantee nothing about the recovery mode in the long term
and I already wrote that I would remove it from the parser if people were
abusing this option.


Chromium was using recover mode when parsing XML for some operations
(extension related for example), but not when rendering XML.
It was changed in https://chromium-review.googlesource.com/c/chromium/src/+/879106
so the recover mode is not used anywhere in Chromium now.

  Now, that's very good news :-)

    thanks for the update !

Daniel

Jay

  XML is fairly tidy, we can't let the general usage diverge from the spec.

Daniel

the issue at an earlier point in the parsing process and makes sure not to
return invalid entity content in recovery mode at all.

Nick
_______________________________________________
xml mailing list, project page  http://xmlsoft.org/
xml gnome org
https://mail.gnome.org/mailman/listinfo/xml

--
Daniel Veillard      | Red Hat Developers Tools http://developer.redhat.com/
veillard redhat com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/


-- 
Daniel Veillard      | Red Hat Developers Tools http://developer.redhat.com/
veillard redhat com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/
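
The thread's subject is an overflow check on hex and decimal character references (`&#...;` and `&#x...;`). The following is an added example, not libxml2's code and not the patch discussed above: a stand-alone parser that stops accumulating digits once the value passes 0x10FFFF and rejects any code point outside the XML 1.0 Char range. The helper name `parse_char_ref` and the sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_CODEPOINT 0x10FFFFu

/* XML 1.0 "Char" production: the code points a document may contain. */
static int is_xml_char(unsigned int c) {
    return c == 0x9 || c == 0xA || c == 0xD ||
           (c >= 0x20 && c <= 0xD7FF) ||
           (c >= 0xE000 && c <= 0xFFFD) ||
           (c >= 0x10000 && c <= MAX_CODEPOINT);
}

/*
 * Hypothetical helper (not a libxml2 API): parse "&#NNN;" or "&#xHHH;".
 * Returns the code point, or -1 if the reference is malformed, overflows,
 * or names a code point that is not an XML Char.
 */
long parse_char_ref(const char *s) {
    unsigned int val = 0, base = 10;
    size_t i = 2, digits = 0;

    if (s == NULL || s[0] != '&' || s[1] != '#') return -1;
    if (s[i] == 'x') { base = 16; i++; }

    for (; s[i] != ';'; i++, digits++) {
        unsigned int d;
        char c = s[i];
        if (c >= '0' && c <= '9') d = (unsigned int)(c - '0');
        else if (base == 16 && c >= 'a' && c <= 'f') d = (unsigned int)(c - 'a') + 10;
        else if (base == 16 && c >= 'A' && c <= 'F') d = (unsigned int)(c - 'A') + 10;
        else return -1;              /* includes a missing ';' (hits NUL) */

        /* Saturate instead of wrapping: once past the Unicode range the
         * value can never become valid again, so stop growing it. */
        if (val <= MAX_CODEPOINT) val = val * base + d;
    }
    if (digits == 0 || !is_xml_char(val)) return -1;
    return (long)val;
}

int main(void) {
    /* Constructed inputs: the last one wraps to 0x41 in naive 32-bit math. */
    const char *samples[] = { "&#65;", "&#x1F600;", "&#0;", "&#xD800;", "&#x100000041;" };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++)
        printf("%-16s -> %ld\n", samples[k], parse_char_ref(samples[k]));
    return 0;
}
```

Without the saturation guard, an over-long reference could wrap around to a value that passes the Char check, which is why the bound is tested before each multiply rather than once at the end.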

