Re: [xml] Universally replacing space with %20 before calling xmlParseURI - bad?

Tue, 12 Dec 2017 04:39:07 -0800 

The space character is an unsafe character and must be encoded with "%20"
[1]. So, URLs containing a space character are invalid URLs.

 

 

Claude Petit

 

[1] http://www.ietf.org/rfc/rfc1738.txt

 

 

----------------------------------------------------------------------

 

> Date: Tue, 12 Dec 2017 10:41:40 +0000

> From: "Richard W.M. Jones" <rjo...@redhat.com <mailto:rjo...@redhat.com> >

> To: Daniel Veillard <veill...@redhat.com <mailto:veill...@redhat.com> >,
xml@gnome.org <mailto:xml@gnome.org> 

> Cc: ptosc...@redhat.com <mailto:ptosc...@redhat.com> 

> Subject: [xml] Universally replacing space with %20 before calling

>             xmlParseURI - bad?

> Message-ID: <20171212104140.ga31...@redhat.com
<mailto:20171212104140.ga31...@redhat.com> >

> Content-Type: text/plain; charset=utf-8

> As far as I can tell xmlParseURI always fails if the input URI contains a
space in the path part of the URI.

> 

> Virt-v2v uses URIs for all kinds of things including referencing remote
virtual machines, eg:

> 

>   ssh://r...@esxi.example.com/vmfs/volumes/datacenter/my guest/my
guest.vmx

> 

> Virtual machine names often contain spaces.  You have to tell people to
replace spaces with ?%20?s, and that can be awkward in the sort of
shell-scripting places where virt-v2v is often used, and it's a usability
problem too.

> 

> One suggestion is that we wrap all calls to xmlParseURI with a wrapper
that simply replaces spaces with ?%20?s (without making any attempt to
understand the URI, just blind replacement).

> 

> Is this going to be a bad thing?

> 

> Note that I don't care if it doesn't conform to some RFC.  I'm much more
worried that we'll introduce a security bug by doing this or that there's
some unanticipated pitfall.

> 

> Rich.

> 

> --

> Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones Read my programming and virtualization
blog: http://rwmj.wordpress.com Fedora Windows cross-compiler. Compile
Windows programs, test, and build Windows installers. Over 100 libraries
supported.

> http://fedoraproject.org/wiki/MinGW



---
This email has been checked for viruses by AVG.
http://www.avg.com

_______________________________________________
xml mailing list, project page  http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml

Reply via email to