https://bz.apache.org/bugzilla/show_bug.cgi?id=65030

--- Comment #3 from Stefan Bodewig <bode...@apache.org> ---
https://docs.oracle.com/javase/8/docs/api/javax/xml/stream/XMLStreamWriter.html
says

>  The XMLStreamWriter does not perform well formedness checking on its input. 
> However the writeCharacters method is required to escape & , < and > For 
> attribute values the writeAttribute method will escape the above characters 
> plus " to ensure that all character content and attribute values are well 
> formed.

Unfortunately it doesn't strip out characters that are illegal for any XML
content, something our own DOMElementWriter.encodeAttributeValue would do (this
is used by the traditional JUnit task). Simply using "our" encoder on top will
not help, as writeAttribute would re-encode the ampersands added when encoding
<>&" in encodeAttributeValue (which I believe to cause problems in bug 63436,
where we use our encode plus the encoding of writeCharacters).

So we probably need to extract DOMElementWriter.isLegalCharacter and filter by
that. I don't recall what I looked up years ago when we added isLegalCharacter
but I believe the code point 0 is completely prohibited inside of an XML
document, even when encoded as a numeric entity. The PR you mention would be
wrong if my recollection is right; we'll have to double-check.

-- 
You are receiving this mail because:
You are the assignee for the bug.
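
The filtering approach discussed in the comment above, as an added example (not Ant's code and not part of the original comment): strip code points outside the XML 1.0 `Char` production, then let `writeAttribute` do the only escaping pass. `isLegalXmlCodePoint`, `stripIllegal`, `writeAttr`, `visible` and the sample test name are hypothetical names and constructed data; the range check follows the XML 1.0 specification, not the source of `DOMElementWriter.isLegalCharacter`.

```java
import java.io.StringWriter;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;

public class LegalXmlAttributeDemo {
    // XML 1.0 "Char" production: #x9 | #xA | #xD | [#x20-#xD7FF]
    // | [#xE000-#xFFFD] | [#x10000-#x10FFFF]. U+0000 is outside it.
    static boolean isLegalXmlCodePoint(int cp) {
        return cp == 0x9 || cp == 0xA || cp == 0xD
            || (cp >= 0x20 && cp <= 0xD7FF) || (cp >= 0xE000 && cp <= 0xFFFD)
            || (cp >= 0x10000 && cp <= 0x10FFFF);
    }

    // Drop illegal code points only; & < > " are left for writeAttribute to escape.
    static String stripIllegal(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        value.codePoints().filter(LegalXmlAttributeDemo::isLegalXmlCodePoint)
             .forEach(sb::appendCodePoint);
        return sb.toString();
    }

    // Serialize one element with a single attribute and return the markup.
    static String writeAttr(String value) throws XMLStreamException {
        StringWriter out = new StringWriter();
        XMLStreamWriter w = XMLOutputFactory.newInstance().createXMLStreamWriter(out);
        w.writeStartElement("testcase");
        w.writeAttribute("name", value);
        w.writeEndElement();
        w.close();
        return out.toString();
    }

    // Render control characters visibly so the console output is readable.
    static String visible(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            sb.append(c < 0x20 ? String.format("[U+%04X]", (int) c) : String.valueOf(c));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws XMLStreamException {
        // Constructed sample: markup characters plus NUL and ESC in a test name.
        String name = "a<b & \"c\"\u0000\u001b[31m";
        // Stand-in for a separate encoder applied before writeAttribute.
        String preEncoded = name.replace("&", "&amp;").replace("<", "&lt;");
        System.out.println("unfiltered : " + visible(writeAttr(name)));
        System.out.println("pre-encoded: " + visible(writeAttr(preEncoded)));
        System.out.println("filtered   : " + visible(writeAttr(stripIllegal(name))));
    }
}
```

Comparing the three printed lines shows whether the `XMLStreamWriter` implementation in use lets the control characters through, how a second encoder doubles the ampersands, and what the filtered attribute looks like.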
