Menu

#153 REST API: invalid characters in XML responses

5.2
wont-fix
nobody
None
1
2015-07-14
2015-07-10
Simone Tellini
No

Hi,

it appears that Subsonic doesn't escape XML entities properly. For instance, if I have an mp3 with an ID3 tag with title = "Foo>Bar", I get this from getMusicDirectory:

<?xml version="1.0" encoding="UTF-8"?>
<subsonic-response xmlns="http://subsonic.org/restapi" status="ok" version="1.12.0">
   <directory id=...>
      <child ... title="Foo>Bar" ... />
   </directory>
</subsonic-response>

If I add a quote to the title, I get:

  <child ... title="Foo>Bar"" ... />

Tested with 5.2.1

Discussion

  • Sindre Mehus

    Sindre Mehus - 2015-07-13

    Subsonic uses the JAXB library to generate XML, so it's very likely valid. From what I gather, the ">" character is allowed within an attribute value (but not "<" or double quotes).

    The double quote should be replaced by """, which it is when I test it. If you're looking at the xml in a browser, please make sure to select View Source to avoid any formatting done by the browser.

     

  • Simone Tellini

    Simone Tellini - 2015-07-13

    you're right. I've re-read the formal specs and indeed > is allowed. The bug is is the xml parser I'm using, apparently, since it chokes on that.

     

  • Sindre Mehus

    Sindre Mehus - 2015-07-14
    • status: open --> wont-fix
     

Anonymous
Anonymous

Add attachments
Cancel