[issue10066] xmlrpclib does not handle some non-printable characters properly
Peter Gyorko gyor...@balabit.hu added the comment: The shortest code which can trigger this error is the following: import xmlrpclib print xmlrpclib.dumps(('\x01',)) params param valuestring/string/value /param /params As you can see, the escape method does not care about non-printable characters which can cause parsing error in the other side. My previous patch used \x to tell to the other side that the value contains some binary garbage. It you want to reject these binary bytes (which was not acceptable in my case), use this patch: --- a/xmlrpclib.py 2010-10-13 14:45:02.0 +0200 +++ b/xmlrpclib.py 2010-10-13 16:03:14.0 +0200 @@ -165,6 +165,9 @@ return data def escape(s, replace=string.replace): +if (None != re.search('[\x00-\x08\x0b-\x0c\x0e-\x1f\x7f-\xff]', s)): +raise Fault(INVALID_ENCODING_CHAR, 'Non-printable character in string') + s = replace(s, , amp;) s = replace(s, , lt;) return replace(s, , gt;,) An other idea: we may use CDATA (http://www.w3schools.com/xml/xml_cdata.asp) to transfer binary values... -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue10066 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10066] xmlrpclib does not handle some non-printable characters properly
New submission from Peter Gyorko gyor...@balabit.hu: If I add a string to the response, which contains non-printable characters, the output will not be parsed by the most of the XML parsers (I tried with XML-RPC for PHP). Here is my quick and dirty fix: --- a/Lib/xmlrpclib.py +++ b/Lib/xmlrpclib.py @@ -165,9 +165,18 @@ def _decode(data, encoding, is8bit=re.compile([\x80-\xff]).search): return data def escape(s, replace=string.replace): -s = replace(s, , amp;) -s = replace(s, , lt;) -return replace(s, , gt;,) +res = '' +for char in s: +char_code = ord(char) +if (char_code 32 and char_code not in (9, 10, 13)) or char_code 126: +res += '\\x%02x' % ord(char) +else: +res += char + +res = replace(res, , amp;) +res = replace(res, , lt;) +res = replace(res, , gt;) +return res if unicode: def _stringify(string): -- components: XML messages: 118376 nosy: gyorkop priority: normal severity: normal status: open title: xmlrpclib does not handle some non-printable characters properly type: behavior versions: Python 2.6 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue10066 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com