[DAS] Possible XML error with LDAS 1.08
Andrew Dalke
dalke@dalkescientific.com
Tue, 29 Oct 2002 02:31:14 -0700
Angie Hinrichs:
> I would change that once more to this:
>
> print qq( <GROUP id="$groupid">$gclass</GROUP>\n);
I had to rewrite the XML I got from LDAS to do essentially
this so that my 'dascheck' program I announced a while back
would run against those servers. I've sent this and a
set of other problems I identified to Lincoln.
BTW, I noticed in general in the LDAS code there are places like
this where text and fields are not escaped for XML.
For example, consider
<ENTRY_POINTS href="$url" version="1.0">
This doesn't escape the URL. Suppose the URL contains a "&"
character. The XML spec requires that that be escaped to "&"
which means this could potentially generate invalid XML. One
of the servers I tested against does this, but I think it
disappeared before I finished dascheck so I never coded a
workaround for it.
I don't know if "groupid" or "gclass" could ever contain
a special character, but due to general caution I would put
some more escapes on the various print statements, or at
least more assertion checks on the inputs.
Andrew
dalke@dalkescientific.com