XmlRpcSerializer does not serialize character >

Brought to you by: franzhoepfinger, gregerohlson, niklasb, wsargent

#24 XmlRpcSerializer does not serialize character >

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2014-08-20

Created: 2009-10-20

Creator: Anonymous

Private: No

If an argument is a string with tags inside (like <toto>), XmlRpcSerializer does not serialize the character >, which may lead to server errors.

The fix consists in adding a case statement :
case '>' :
writer.write(">");
break;

Discussion

Johannes Renner - 2011-12-09

Hello,

we had some problems with exactly this bug, where it was leading to this exception on the server:

org.xml.sax.SAXParseException: The character sequence "]]>" must not appear in content unless used to mark the end of a CDATA section.
...

For reproducing it, you just need to send some CDATA as a parameter, e.g. "<![CDATA[foobar]]>".
We fixed it for our purpose by applying the following patch:

Index: source/redstone/xmlrpc/XmlRpcSerializer.java

--- source/redstone/xmlrpc/XmlRpcSerializer.java (revision 37)
+++ source/redstone/xmlrpc/XmlRpcSerializer.java (working copy)
@@ -163,6 +163,10 @@

switch( c )
{
+ case '>' :
+ writer.write( ">" );
+ break;
+
case '<' :
writer.write( "<" );
break;

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.