Message283873
xml minidom.py needs extra validation in setAttributes for certain special characters depending on the attribute name. Attribute values cannot have special characters like <,> and cant be nested as described in the example below
element01 = doc.createElement('element01')
element01.setAttribute('attribute', "script><![CDATA[alert('script!');]]></script>")
doc.firstChild.appendChild(element01)
script shouldn't be allowed as a value for an attribute and I feel it should throw an exception (Value Exception) and as described above <,> shouldn't be allowed as attributes are more like key-value pairs. Could someone tell me if this is right? If it is, then minidom.py needs this extra level of validation for the same |
|
Date |
User |
Action |
Args |
2016-12-23 08:39:36 | pdeep5693 | set | recipients:
+ pdeep5693, terry.reedy, Kyle.Keating, martin.panter, jocassid |
2016-12-23 08:39:36 | pdeep5693 | set | messageid: <1482482376.61.0.620677310361.issue12129@psf.upfronthosting.co.za> |
2016-12-23 08:39:36 | pdeep5693 | link | issue12129 messages |
2016-12-23 08:39:36 | pdeep5693 | create | |
|