On 24/11/10 11:45 -0500, [email protected] wrote:
From: Tobias Crawley <[email protected]>
The xml parser used by nokogiri-java (xerces) is much more strict about
unescaped entities, and causes nokogiri to ignore nodes containing them.
Wrapping the content in CDATA blocks fixes this.
ACK. Code looks safe and I understand your motivation, XML can get corrupted
when Exception contains invalid characters.
-- Michal
Note: this fix does not use the haml :cdata filter, since you cannot
strip whitespace inside the filter.
---
.../lib/deltacloud/helpers/application_helper.rb | 4 ++--
server/views/errors/auth_exception.xml.haml | 3 ++-
.../errors/backend_capability_failure.xml.haml | 3 ++-
server/views/errors/backend_error.xml.haml | 4 ++--
server/views/errors/validation_failure.xml.haml | 5 +++--
5 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/server/lib/deltacloud/helpers/application_helper.rb
b/server/lib/deltacloud/helpers/application_helper.rb
index 00e8bc9..6830e5f 100644
--- a/server/lib/deltacloud/helpers/application_helper.rb
+++ b/server/lib/deltacloud/helpers/application_helper.rb
@@ -121,8 +121,8 @@ module ApplicationHelper
end
end
- def cdata(&block)
- text = capture_haml(&block)
+ def cdata(text = nil, &block)
+ text ||= capture_haml(&block)
"<![CDATA[#{text.strip}]]>"
end
diff --git a/server/views/errors/auth_exception.xml.haml
b/server/views/errors/auth_exception.xml.haml
index bee6492..bfa9111 100644
--- a/server/views/errors/auth_exception.xml.haml
+++ b/server/views/errors/auth_exception.xml.haml
@@ -1,2 +1,3 @@
%error{:url => "#{request.env['REQUEST_URI']}", :status => "#{response.status}"}
- %message #[email protected]}
+ %message< #{cdata @error.message}
+
diff --git a/server/views/errors/backend_capability_failure.xml.haml
b/server/views/errors/backend_capability_failure.xml.haml
index 83892fb..4302e4b 100644
--- a/server/views/errors/backend_capability_failure.xml.haml
+++ b/server/views/errors/backend_capability_failure.xml.haml
@@ -1,4 +1,5 @@
%error{:url => "#{request.env['REQUEST_URI']}", :status => "#{response.status}"}
%capability #[email protected]}
- %message #[email protected]}
+ %message< #{cdata @error.message}
+
diff --git a/server/views/errors/backend_error.xml.haml
b/server/views/errors/backend_error.xml.haml
index 75866eb..cb5d87f 100644
--- a/server/views/errors/backend_error.xml.haml
+++ b/server/views/errors/backend_error.xml.haml
@@ -4,5 +4,5 @@
%code= @error.code
%cause= @error.cause
- if @error.details
- %details #[email protected]}
- %message #[email protected]}
+ %details< #{cdata @error.details.join("\n")}
+ %message< #{cdata @error.message}
diff --git a/server/views/errors/validation_failure.xml.haml
b/server/views/errors/validation_failure.xml.haml
index 24519ed..f18d6a2 100644
--- a/server/views/errors/validation_failure.xml.haml
+++ b/server/views/errors/validation_failure.xml.haml
@@ -1,7 +1,8 @@
%error{:url => "#{request.env['REQUEST_URI']}", :status => "#{response.status}"}
%parameter #[email protected]}
- %message #[email protected]}
+ %message< #{cdata @error.message}
- unless @error.param.options.empty?
%valid_options
- @error.param.options.each do |v|
- %value #{v}
+ %value< #{cdata v}
+
--
1.7.3.2
--
--------------------------------------------------------
Michal Fojtik, [email protected]
Deltacloud API: http://deltacloud.org
--------------------------------------------------------
