[jira] [Comment Edited] (JCR-4935) session.exportDocumentView() generates unparsable XML if a JCR Property contains invalid XML character

Tue, 30 May 2023 02:55:05 -0700 


    [ 
https://issues.apache.org/jira/browse/JCR-4935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17727431#comment-17727431
 ] 

Julian Reschke edited comment on JCR-4935 at 5/30/23 9:54 AM:
--------------------------------------------------------------

FWIW, 
[ToXmlContentHandler.java|https://github.com/apache/jackrabbit/pull/132/commits/772347431022120704153606883b9b1abcf489f1#diff-c815600021691abe44140c80f533e6dda87aa0a90c9147bf0346fdf8a6e0be38]
 works as defined. We *could* change it to check for invalid characters and 
throw an exception.

Whatever the fix is, it needs to happen higher in the stack.


was (Author: reschke):
FWIW, 
[ToXmlContentHandler.java|https://github.com/apache/jackrabbit/pull/132/commits/772347431022120704153606883b9b1abcf489f1#diff-c815600021691abe44140c80f533e6dda87aa0a90c9147bf0346fdf8a6e0be38]
 works as defined. We *could* change it to check for invalid characters and 
throw an exception.

Whatever the fix is, it need to happen higher in the stack.

> session.exportDocumentView() generates unparsable XML if a JCR Property 
> contains invalid XML character
> ------------------------------------------------------------------------------------------------------
>
>                 Key: JCR-4935
>                 URL: https://issues.apache.org/jira/browse/JCR-4935
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-jcr-commons
>    Affects Versions: 2.21.17
>            Reporter: Yegor Kozlov
>            Assignee: Julian Reschke
>            Priority: Major
>         Attachments: image-2023-05-29-14-58-05-591.png
>
>
> I came across this issue in AEM, where user content can contain all kinds of 
> special characters. In my case it was a 0x3 character (^C) in a node property 
> which was written in the JCR XML as-is, and it resulted in a unparsable 
> output. 
> !image-2023-05-29-14-58-05-591.png|width=968,height=305!
> IMO control characters, non-characters and out-of-unicode-range characters 
> should be skipped when writing XML. These can come from user data and can act 
> as a "poison pill" breaking the export/import functionality. 
>  
> The PR is coming.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to