REST API: invalid characters in XML responses
Brought to you by:
sindre_mehus
Hi,
it appears that Subsonic doesn't escape XML entities properly. For instance, if I have an mp3 with an ID3 tag with title = "Foo>Bar", I get this from getMusicDirectory:
<?xml version="1.0" encoding="UTF-8"?> <subsonic-response xmlns="http://subsonic.org/restapi" status="ok" version="1.12.0"> <directory id=...> <child ... title="Foo>Bar" ... /> </directory> </subsonic-response>
If I add a quote to the title, I get:
<child ... title="Foo>Bar"" ... />
Tested with 5.2.1
Anonymous
Subsonic uses the JAXB library to generate XML, so it's very likely valid. From what I gather, the ">" character is allowed within an attribute value (but not "<" or double quotes).
The double quote should be replaced by """, which it is when I test it. If you're looking at the xml in a browser, please make sure to select View Source to avoid any formatting done by the browser.
you're right. I've re-read the formal specs and indeed > is allowed. The bug is is the xml parser I'm using, apparently, since it chokes on that.