Tasks #919

Bug #908: RGW allows users to create buckets and objects with invalid names

properly escape XML

Added by Colin McCabe over 9 years ago. Updated over 9 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: -
Target version:
% Done: 0%
Tags:
Reviewed:
Affected Versions:
Pull request ID:

Description

Properly escape the XML that we're sending in RGW.

For example, if the user sticks a control character in a bucket name, we may need to escape that in our bucket list response. Etc.

I think the characters that need to be escaped are:

control characters: 0x00-0x09, 0x0b-0x0c, 0x0e-0x1f
characters used by XML itself: <>"'&

I think libexpat should already have something like this. We just need to ensure that we use it properly in RGW.

History

#1 Updated by Colin McCabe over 9 years ago

  • Assignee set to Colin McCabe

#2 Updated by Colin McCabe over 9 years ago

Confirmed: Amazon escapes keys named """ (three quotes) as

&quot;&quot;&quot

in the XML response.

Amazon translated an object named "control-V control-V control-V" to

&#x16;&#x16;&#x16;

in the XML response.

libboto can't handle the control-V response...

#3 Updated by Colin McCabe over 9 years ago

  • Status changed from New to Resolved
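
The escaping described in this ticket, as an added example that is not RGW's code or the fix that was committed: a hypothetical helper `xml_escape_name` that replaces the five XML markup characters with named entities and the control-character ranges listed in the description with hexadecimal character references, matching the Amazon responses quoted in comment #2. The sample names are constructed.

```cpp
#include <cstdio>
#include <iostream>
#include <string>

// Control-character ranges listed in the ticket description:
// 0x00-0x09, 0x0b-0x0c, 0x0e-0x1f. LF (0x0a) and CR (0x0d) pass through.
static bool needs_numeric_escape(unsigned char c) {
    return c <= 0x09 || c == 0x0b || c == 0x0c || (c >= 0x0e && c <= 0x1f);
}

// Hypothetical helper (not an RGW or libexpat function): escape a bucket or
// object name before placing it in XML character data or an attribute value.
std::string xml_escape_name(const std::string& in) {
    std::string out;
    out.reserve(in.size());
    for (unsigned char c : in) {
        switch (c) {
        case '<':  out += "&lt;";   break;
        case '>':  out += "&gt;";   break;
        case '&':  out += "&amp;";  break;
        case '"':  out += "&quot;"; break;
        case '\'': out += "&apos;"; break;
        default:
            if (needs_numeric_escape(c)) {
                // Same form as the Amazon response in comment #2: &#x16;
                char buf[8];
                std::snprintf(buf, sizeof(buf), "&#x%02x;",
                              static_cast<unsigned>(c));
                out += buf;
            } else {
                out += static_cast<char>(c);
            }
        }
    }
    return out;
}

int main() {
    // Constructed sample names: three quotes, three control-V bytes,
    // markup characters, and an embedded NUL.
    const std::string samples[] = {
        "\"\"\"", std::string(3, '\x16'), "a<b>&'c", std::string("a\0b", 3)};
    for (const auto& s : samples)
        std::cout << xml_escape_name(s) << "\n";
    return 0;
}
```

Most of these control characters fall outside the XML 1.0 `Char` range even when written as character references, so a strict XML 1.0 parser on the client side can still reject output such as `&#x16;`.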
