Pradeep added the comment:

xml minidom.py needs extra validation in setAttributes for certain special 
characters depending on the attribute name. Attribute values cannot have 
special characters like <,> and can't be nested, as described in the example 
below:

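from xml.dom.minidom import Document
doc = Document()
doc.appendChild(doc.createElement('root'))  # root so doc.firstChild exists
element01 = doc.createElement('element01')
element01.setAttribute('attribute',
                       "script><![CDATA[alert('script!');]]></script>")
doc.firstChild.appendChild(element01)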

script shouldn't be allowed as a value for an attribute, and I feel it should 
throw an exception (Value Exception). As described above, <,> shouldn't be 
allowed, as attributes are more like key-value pairs. Could someone tell me if 
this is right? If it is, then minidom.py needs this extra level of validation 
for the same.

----------
nosy: +pdeep5693

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue12129>
_______________________________________
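
What minidom does with the attribute value from the comment above when the document is serialized and parsed back, as an added example that is not part of the original message or of minidom's own code. The `root` element, the helper names and the constructed sample values are assumptions made for the check.

```python
from xml.dom.minidom import Document, parseString

# First value is the one from the tracker comment; the rest are constructed
# samples containing other markup-significant characters.
SAMPLES = [
    "script><![CDATA[alert('script!');]]></script>",
    'a"b',                  # constructed: closing quote
    "x & y < z",            # constructed: ampersand and angle bracket
    "'\"><element02/>",     # constructed: tries to close the start tag
]


def roundtrip_attribute(value):
    """Serialize one element carrying `value`, then parse the output back.

    Returns (xml_text, reparsed_value, descendant_element_count).
    """
    doc = Document()
    root = doc.createElement("root")            # hypothetical root name
    doc.appendChild(root)
    element01 = doc.createElement("element01")
    element01.setAttribute("attribute", value)  # stored verbatim in the DOM
    root.appendChild(element01)

    xml_text = doc.toxml()                      # escaping happens here
    reparsed = parseString(xml_text)
    elems = reparsed.documentElement.getElementsByTagName("*")
    return xml_text, elems[0].getAttribute("attribute"), len(elems)


def check_all(samples=SAMPLES):
    """True when every sample stays attribute data after a round trip."""
    for value in samples:
        xml_text, reparsed_value, count = roundtrip_attribute(value)
        # Isolate the serialized value: text between the attribute's quotes.
        start = xml_text.index('attribute="') + len('attribute="')
        serialized = xml_text[start:xml_text.index('"', start)]
        if "<" in serialized or reparsed_value != value or count != 1:
            return False
    return True


if __name__ == "__main__":
    for sample in SAMPLES:
        print(roundtrip_attribute(sample)[0])
    print("all samples stay inside the attribute:", check_all())
```

The check covers only the serialization path (`toxml`); output assembled by concatenating attribute values into markup by hand gets none of this escaping.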