JBoss ESB
  1. JBoss ESB
  2. JBESB-383

XML Marshaling/Unmarshling code performs no normalisation on name values used to create XML/DOM element nodes.

    Details

    • Type: Bug Bug
    • Status: Closed Closed (View Workflow)
    • Priority: Major Major
    • Resolution: Done
    • Affects Version/s: 4.0 CR2
    • Fix Version/s: 4.2 Milestone Release 1
    • Component/s: Rosetta
    • Security Level: Public (Everyone can see)
    • Labels:
      None
    • Similar Issues:
      Show 10 results 

      Description

      An example of this can be seen in org.jboss.internal.soa.esb.message.format.xml.BodyImpl.toXML(Element) where the body attachment keys are used as the container element name. What if someone saves an attachment that contains special/unsupported chars?? This is very possible!

        Activity

        Hide
        Tom Fennelly
        added a comment -

        When I say "What if someone saves an attachment that contains special/unsupported chars?", of course I mean (and should have said) "What if someone saves an attachment under a key that contains special/unsupported chars?"

        Show
        Tom Fennelly
        added a comment - When I say "What if someone saves an attachment that contains special/unsupported chars?", of course I mean (and should have said) "What if someone saves an attachment under a key that contains special/unsupported chars?"
        Hide
        Tom Fennelly
        added a comment -

        Note that there may be other locations in the code where normalisation is required. I recall some code using a "type" URI (serialisation type I think it was). The likes of these would probably also require normalisation. I suppose a grep for "createElement" should catch them all.

        Show
        Tom Fennelly
        added a comment - Note that there may be other locations in the code where normalisation is required. I recall some code using a "type" URI (serialisation type I think it was). The likes of these would probably also require normalisation. I suppose a grep for "createElement" should catch them all.
        Hide
        Mark Little
        added a comment -

        Yes, I did check everything except Properties, which I'm now updating. Thanks.

        Show
        Mark Little
        added a comment - Yes, I did check everything except Properties, which I'm now updating. Thanks.

          People

          • Assignee:
            Mark Little
            Reporter:
            Tom Fennelly
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - Not Specified
              Not Specified
              Remaining:
              Remaining Estimate - 0 minutes
              0m
              Logged:
              Time Spent - 2 hours
              2h