Opened 12 years ago
Closed 10 years ago
#20197 closed Cleanup/optimization (fixed)
XML serializer can output invalid characters
Reported by: | ris | Owned by: | nobody |
---|---|---|---|
Component: | Core (Serialization) | Version: | 1.3 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Ready for checkin | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Specifically Form Feed (0x0c), which is not allowed in XML. At all.
The problem is that saxutils' XMLGenerator is not safe against these characters and the result is having dumpdata output that loaddata can't reimport.
But I'm not sure what should be done about this though, because from what I've read, FF isn't even allowed to be numerically referenced in XML. So - should FFs just be silently swallowed? That doesn't seem right to me. Dumps are supposed to be perfect representations of the data.
Is this just a good reason not to use XML as a dump format?
(Noticed in 1.3, but code is the same in 1.4)
Change History (4)
comment:1 by , 12 years ago
Component: | Core (Serialization) → Documentation |
---|---|
Triage Stage: | Unreviewed → Accepted |
Type: | Uncategorized → Cleanup/optimization |
comment:2 by , 10 years ago
Has patch: | set |
---|
This PR fails loudly when a control character is contained inside to-be-serialized content. I think that's better than silently producing invalid XML.
comment:3 by , 10 years ago
Component: | Documentation → Core (Serialization) |
---|---|
Triage Stage: | Accepted → Ready for checkin |
Read also: http://www.w3.org/International/questions/qa-controls
I'd suggest to document that limitation in https://docs.djangoproject.com/en/dev/topics/serialization/#xml, and possibly https://docs.djangoproject.com/en/dev/ref/django-admin/#django-admin-dumpdata