Message 136402 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	Kyle.Keating
Recipients	Kyle.Keating
Date	2011年05月20日.22:02:10
SpamBayes Score	9.593722e-05
Marked as misclassified	No
Message-id	<1305928931.2.0.716148568641.issue12129@psf.upfronthosting.co.za>

Content
I was doing some tests on using this library and I noticed xml elements and attribute names could be created with mal-formed xml because special characters which can break validation are not cleaned or converted from their literal forms. Only the attribute values are cleaned, but not the names. For example import xml.dom ... doc.createElement("p></p>") ... will just embed a pair of p tags in the xml result. I thought that the xml spec did not permit <, >, &, \n etc. in the element name or attribute name? Could I get some clarification on this, thanks!

Content

I was doing some tests on using this library and I noticed xml elements and attribute names could be created with mal-formed xml because special characters which can break validation are not cleaned or converted from their literal forms. Only the attribute values are cleaned, but not the names.
For example
import xml.dom
...
doc.createElement("p></p>") 
...
will just embed a pair of p tags in the xml result. I thought that the xml spec did not permit <, >, &, \n etc. in the element name or attribute name? Could I get some clarification on this, thanks!

History
Date	User	Action	Args
2011年05月20日 22:02:11	Kyle.Keating	set	recipients: + Kyle.Keating
2011年05月20日 22:02:11	Kyle.Keating	set	messageid: <1305928931.2.0.716148568641.issue12129@psf.upfronthosting.co.za>
2011年05月20日 22:02:10	Kyle.Keating	link	issue12129 messages
2011年05月20日 22:02:10	Kyle.Keating	create

homepage