escape ASCII control chars in xml
stops some XML parse errors on corrupt metadata see https://github.com/jcupitt/libvips/issues/1039
This commit is contained in:
John Cupitt
parent
9fa03e80c7
commit
2d94fe732a
@ -35,6 +35,7 @@
|
|||||||
- support writing string-valued fields via libexif
|
- support writing string-valued fields via libexif
|
||||||
- paste in the test suite from pyvips
|
- paste in the test suite from pyvips
|
||||||
- get EXIF tag names from tag plus ifd [@Nan619]
|
- get EXIF tag names from tag plus ifd [@Nan619]
|
||||||
|
- escape ASCII control characters in XML
|
||||||
|
|
||||||
12/3/18 started 8.6.4
|
12/3/18 started 8.6.4
|
||||||
- better fitting of fonts with overhanging edges [Adrià]
|
- better fitting of fonts with overhanging edges [Adrià]
|
||||||
|
|||||||
@ -24,6 +24,9 @@
|
|||||||
* 22/7/18
|
* 22/7/18
|
||||||
* - update code from radiance ... pasted in from rad5R1
|
* - update code from radiance ... pasted in from rad5R1
|
||||||
* - expand fs[] buffer to prevent out of bounds write [HongxuChen]
|
* - expand fs[] buffer to prevent out of bounds write [HongxuChen]
|
||||||
|
* 23/7/18
|
||||||
|
* - fix a buffer overflow for incorrectly coded old-style RLE
|
||||||
|
* [HongxuChen]
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|||||||
@ -23,6 +23,8 @@
|
|||||||
* - validate strs as being utf-8 before we write
|
* - validate strs as being utf-8 before we write
|
||||||
* 9/4/18 Alexander--
|
* 9/4/18 Alexander--
|
||||||
* - use O_TMPFILE, if available
|
* - use O_TMPFILE, if available
|
||||||
|
* 23/7/18
|
||||||
|
* - escape ASCII control characters in XML
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -769,38 +771,34 @@ dbuf_write_quotes( VipsDbuf *dbuf, const char *str )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Append a string to a buffer, but escape &<>.
|
/* Append a string to a buffer, but escape &<> and the ASCII escape codes. Our
|
||||||
|
* argument string is utf-8.
|
||||||
*/
|
*/
|
||||||
static void
|
static void
|
||||||
dbuf_write_amp( VipsDbuf *dbuf, const char *str )
|
dbuf_write_amp( VipsDbuf *dbuf, const char *str )
|
||||||
{
|
{
|
||||||
const char *p;
|
const char *p;
|
||||||
size_t len;
|
|
||||||
|
|
||||||
for( p = str; *p; p += len ) {
|
for( p = str; *p; p++ )
|
||||||
len = strcspn( p, "&<>" );
|
if( *p < 32 )
|
||||||
|
/* You'd think we could output "%x;", but xml
|
||||||
vips_dbuf_write( dbuf, (unsigned char *) p, len );
|
* 1.0 parsers barf on that. Perhaps we should use '?',
|
||||||
switch( p[len] ) {
|
* but this is frankly better.
|
||||||
case '&':
|
*
|
||||||
vips_dbuf_writef( dbuf, "&" );
|
* xml 1.1 allows this, but expat does not support
|
||||||
len += 1;
|
* it.
|
||||||
break;
|
*
|
||||||
|
* vips_dbuf_writef( dbuf, "&#x%02x;", *p );
|
||||||
case '<':
|
*/
|
||||||
vips_dbuf_writef( dbuf, "<" );
|
vips_dbuf_write( dbuf, (guchar *) "🐄", 9 );
|
||||||
len += 1;
|
else if( *p == '<' )
|
||||||
break;
|
vips_dbuf_write( dbuf, (guchar *) "<", 4 );
|
||||||
|
else if( *p == '>' )
|
||||||
case '>':
|
vips_dbuf_write( dbuf, (guchar *) ">", 4 );
|
||||||
vips_dbuf_writef( dbuf, ">" );
|
else if( *p == '&' )
|
||||||
len += 1;
|
vips_dbuf_write( dbuf, (guchar *) "&", 5 );
|
||||||
break;
|
else
|
||||||
|
vips_dbuf_write( dbuf, (guchar *) p, 1 );
|
||||||
default:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void *
|
static void *
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user