Rafael wrote:
Hi,

Our software is using xmlsec-1.4.1. However, we are very interested in
reproducing that canonicalization issue that showed up in 1.4.0 by replacing
1.4.1 with 1.4.0 in our software and testing.
After a quick look into the bug description and the CanonicalizerBase.java file,
we expected the issue to manifest when signing an XML piece of data that
contains a CDATA section with Scandinavian characters. For instance:

<script>
<![CDATA[
function matchwo(a,b)
{
if (a < b && a < 0) then
{
//öäå
return 1
}
else
{
//ÖÄÅ
return 0
}
}
]]>
</script>

In our tests, we send such an XML block to a servlet which will try to sign it.
But we are unable to find any problems, i.e., the signatures created with both
1.4.1 and 1.4.0 are the same.

Could anyone give us some indication?

I was not involved in fixing this bug, but I suggest you have a look at the unit test that was written and this may give you a better idea how to reproduce it:

src_unitTests/org/apache/xml/security/c14n/implementations/UtfHelperTest.java

--Sean
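
An added example, not part of the thread and not the project's own code: a standalone check that canonicalizes a CDATA document like the one in the question and compares the bytes with the UTF-8 encoding the JDK produces, which isolates canonicalization from the signing step. It assumes the xmlsec 1.4.x jar under test is on the classpath; the class name and sample strings are constructed, and because the thread does not say which characters triggered the 1.4.0 issue, the samples go beyond the Scandinavian letters to 3-byte and 4-byte characters.

```java
import java.util.Arrays;
import org.apache.xml.security.Init;
import org.apache.xml.security.c14n.Canonicalizer;

// Added example: run once with the 1.4.0 jar and once with the 1.4.1 jar.
public class C14nUtf8Check {

    // Constructed samples, written as Unicode escapes so the source stays ASCII.
    static final String[] SAMPLES = {
        "//\u00F6\u00E4\u00E5 //\u00D6\u00C4\u00C5", // the letters from the post (2-byte UTF-8)
        "\u20AC",                                     // euro sign (3-byte UTF-8)
        "\uD834\uDD1E"                                // U+1D11E as a surrogate pair (4-byte UTF-8)
    };

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < b.length; i++) {
            sb.append(String.format("%02x", b[i] & 0xff));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        Init.init(); // registers the canonicalization algorithms
        Canonicalizer c14n =
            Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
        boolean allOk = true;
        for (int i = 0; i < SAMPLES.length; i++) {
            String body = "if (a < b && a < 0) " + SAMPLES[i];
            String in = "<script><![CDATA[" + body + "]]></script>";
            // Canonical XML replaces the CDATA section with escaped character
            // content and serializes the result as UTF-8.
            String expected = "<script>"
                + body.replace("&", "&amp;").replace("<", "&lt;") + "</script>";
            byte[] want = expected.getBytes("UTF-8");
            byte[] got = c14n.canonicalize(in.getBytes("UTF-8"));
            if (!Arrays.equals(want, got)) {
                allOk = false;
                System.out.println("MISMATCH sample " + i);
                System.out.println("  expected " + hex(want));
                System.out.println("  actual   " + hex(got));
            }
        }
        System.out.println(allOk ? "all samples canonicalized as expected"
                                 : "canonicalizer output differs from JDK UTF-8");
        System.exit(allOk ? 0 : 1);
    }
}
```

A mismatch reported with one jar and not the other points at the canonicalizer's byte output rather than at the servlet or the signing key.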

