Uploaded image for project: 'JBoss ESB'
  1. JBoss ESB
  2. JBESB-383

XML Marshaling/Unmarshling code performs no normalisation on name values used to create XML/DOM element nodes.

    Details

      Description

      An example of this can be seen in org.jboss.internal.soa.esb.message.format.xml.BodyImpl.toXML(Element) where the body attachment keys are used as the container element name. What if someone saves an attachment that contains special/unsupported chars?? This is very possible!

        Gliffy Diagrams

          Activity

          Hide
          tfennelly Tom Fennelly added a comment -

          When I say "What if someone saves an attachment that contains special/unsupported chars?", of course I mean (and should have said) "What if someone saves an attachment under a key that contains special/unsupported chars?"

          Show
          tfennelly Tom Fennelly added a comment - When I say "What if someone saves an attachment that contains special/unsupported chars?", of course I mean (and should have said) "What if someone saves an attachment under a key that contains special/unsupported chars?"
          Hide
          tfennelly Tom Fennelly added a comment -

          Note that there may be other locations in the code where normalisation is required. I recall some code using a "type" URI (serialisation type I think it was). The likes of these would probably also require normalisation. I suppose a grep for "createElement" should catch them all.

          Show
          tfennelly Tom Fennelly added a comment - Note that there may be other locations in the code where normalisation is required. I recall some code using a "type" URI (serialisation type I think it was). The likes of these would probably also require normalisation. I suppose a grep for "createElement" should catch them all.
          Hide
          marklittle Mark Little added a comment -

          Yes, I did check everything except Properties, which I'm now updating. Thanks.

          Show
          marklittle Mark Little added a comment - Yes, I did check everything except Properties, which I'm now updating. Thanks.

            People

            • Assignee:
              marklittle Mark Little
              Reporter:
              tfennelly Tom Fennelly
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 hours
                2h

                  Development