Closed Bug 264369 Opened 21 years ago Closed 19 years ago

Escaping of '>' not compliant with 10.2.1.1 of ECMA 357

Categories

(Rhino Graveyard :: E4X, defect)

Product:
Rhino Graveyard
Component:
E4X
Version:
1.5R1
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: kthomas, Unassigned)

References

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7a) Gecko/20040219 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7a) Gecko/20040219 Spec says a. If (c == "<"), let r be the result of concatenating r and the string"&lt;" b. Else if (c == ">"), let r be the result of concatenating r and the string "&gt;" c. Else if (c == "&"), let r be the result of concatenating r and the string "&amp;" Rhino is not obeying b. Reproducible: Always Steps to Reproduce: 1. Execute this code: x = <a/>; chars = "<>&"; x.b = chars; 2. Inspect x.toXMLString() Actual Results: <a> <b>&lt;>&amp;</b> </a> Expected Results: <a> <b>&lt;&gt;&amp;</b> </a> I believe that if < is autoescaped, > should be also. Otherwise we're breaking people's XML (and not complying with ECMA 357 10.2.1.1, I think). As a side issue, I think ECMA 357 10.2.1.1 should have gone all the way and specified escaping all of the XML illegals, including ' and ". Otherwise a lot of illegal XML gets created. As it now stands, ECMA 357 and XInclude (text-mode) are out of agreement. I think it would be good if they agreed on how to handle all 5 XML illegals.
Please file Rhino bugs against the Rhino bugzilla.mozilla.org product. /be
Assignee: general → nobody
Status: UNCONFIRMED → NEW
Component: JavaScript Engine → E4X
Ever confirmed: true
Product: Browser → Rhino
Version: Trunk → 1.5R1
Assignee: nobody → igor
(In reply to comment #0) > As a side issue, I think ECMA 357 10.2.1.1 should have gone all the way and > specified escaping all of the XML illegals, including ' and ". Otherwise a lot > of illegal XML gets created. As it now stands, ECMA 357 and XInclude > (text-mode) are out of agreement. I think it would be good if they agreed on how > to handle all 5 XML illegals. Why do you think that ', ", and > are illegal? Here is a mail from Eric Vasilik that I got when investigating the issue (Rhino uses http://xmlbeans.apache.org/ to implement E4X and directly call xmlText method there): -------- Original Message -------- Subject: RE: No escape for '>' ? Date: Fri, 15 Oct 2004 11:31:46 -0700 From: Eric Vasilik Reply-To: user@xmlbeans.apache.org To: <user@xmlbeans.apache.org> I do not believe that "<a>&lt;>&amp;</a>" is invalid. The '>' character does not need to be escaped. Here is the BNF for char data from the XML spec. [14] CharData ::= [^<&]* - ([^<&]* ']]>' [^<&]*) It requires that there are no un-escaped '&' or '<' characters, as well as the CDATA terminating character sequence. - Eric > -----Original Message----- > From: Igor Bukanov [mailto:igor@fastmail.fm] > Sent: Friday, October 15, 2004 6:10 AM > To: user@xmlbeans.apache.org > Subject: No escape for '>' ? > > Hi! > > It seems that xmlText() does not escape '>'. For example, > xmlCursor.xmlText() when xmlCursor points to a XML fragement <a>TEXT</a> > where TEXT is "<>&" produces instead of the expected > <a>&lt;&gt;&amp;</a> > the following invalid XML: > <a>&lt;>&amp;</a> > > Regards, Igor
Blocks: 270779
Reassigning to please_see_bug_288433@eml.cc pending resolution of bug 288433
Assignee: igor.bukanov → please_see_bug_288433
Assignee: please_see_bug_288433 → nobody
This bug is fixed in the upcoming DOM-only (non-XMLBeans) version of E4X support. See bug 355677.
Status: NEW → ASSIGNED
Depends on: 355677
Rhino now passes this test if XMLBeans is not present (see bug 355677).
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Adding target milestone of 1.6R6 based on the date this bug was resolved FIXED.
Target Milestone: --- → 1.6R6
You need to log in before you can comment on or make changes to this bug.