Loading ...
Sorry, an error occurred while loading the content.

Re: encoding bug: < = < ?

Expand Messages
  • paulclinger@yahoo.com
    Hi, Jörg! ... where ... But there is no need for that. XML spec says [http://www.w3.org/TR/REC-xml#syntax]: If they are needed elsewhere, they must be
    Message 1 of 5 , Jul 10, 2001
    • 0 Attachment
      Hi, Jörg!

      > something fishy: the less than (<) sign in the directory listings
      where
      > all encoded as < This < then appereared in the array of the
      > directory listing my client receives. This does not happen to the
      > bigger-than sign (>). It is literally in the dump and array.
      But there is no need for that. XML spec says
      [http://www.w3.org/TR/REC-xml#syntax%5d:
      "If they are needed elsewhere, they must be escaped using either
      numeric character references or the strings "&" and "<"
      respectively. The right angle bracket (>) may be represented using
      the string ">", and must, for compatibility, be escaped
      using ">" or a character reference when it appears in the
      string "]]>" in content, when that string is not marking the end of a
      CDATA section."

      So '<' MUST be encoded and '>' MAY be. That's the difference. '>' is
      not critical as soon as you don't have unescaped '<' and parsers
      usually don't have problem with that. Nothing to worry about :))
      Anyway you should get proper decoded string on the other side.

      Best wishes, Paul.

      --- In soaplite@y..., Jörg Ziefle <joerg.ziefle@g...> wrote:
      > Just for fun, I was just writing a little SOAP-FTP class and client
      to
      > access file on a Win32 machine from Un*x (for example). When
      checking
      > the ls command for viewing the directory contents, I encountered
      > something fishy: the less than (<) sign in the directory listings
      where
      > all encoded as < This < then appereared in the array of the
      > directory listing my client receives. This does not happen to the
      > bigger-than sign (>). It is literally in the dump and array.
      >
      > Below is the code and a SOAP dump:
      >
      > DISCLAIMER: I am aware that this code is highly insecure. As I said
      > above, it's a just for fun thing.
      >
      > ls subroutine on the SOAPFTP class on the server side:
      >
      > sub ls {
      >
      > my $file = $_[1];
      > return defined $file ? `dir $file` : `dir`; # BAD. I know, I
      know :)
      >
      > };
      >
      > corresponding code in the SOAPFTP client:
      >
      >
      > use strict;
      > use Data::Dumper;
      > use File::Basename;
      >
      > use SOAP::Lite
      > +trace => ['fault'],
      > +autodispatch =>
      > uri => 'http://128.61.33.168/',
      > proxy => 'http://128.61.33.168:5000/',
      > on_debug => sub { print @_ },
      > on_fault => sub { print $_[1]->faultstring },
      > ;
      >
      > my $ftp = SOAPFTP->new;
      >
      > while (1) {
      >
      > print 'SOAPFTP> ';
      > my $cmd = <STDIN>;
      >
      > SWITCH:
      > for ($cmd) {
      >
      > /^\s*get\s+(\S+)(\s+(\S+))?/ && do {get($1, $3); next SWITCH};
      > /^\s*cd\s+(\S+)/ && do {cd($1); next SWITCH};
      > /^\s*ls\s+(\S+)?/ && do {ls($1); next SWITCH};
      > /^\s*quit/ && do {end(); next SWITCH};
      >
      > eval $cmd;
      >
      > };
      >
      > };
      >
      > # [other subroutines]
      >
      > sub ls {
      >
      > my $file = shift;
      > print $ftp->ls($file);
      >
      > };
      >
      >
      > dump of the reply of the server on the call to the ls method:
      >
      > <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope
      > xmlns:namesp2="http://128.61.33.168/SOAPFTP"
      > xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
      > SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
      > xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"
      > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
      > xmlns:xsd="http://www.w3.org/1999/XMLSchema"><SOAP-
      ENV:Body><namesp8:ls
      > xmlns:namesp8="http://128.61.33.168/SOAPFTP"><SOAPFTP
      > xsi:type="namesp2:SOAPFTP"/><c-gensym40
      > xsi:null="1"/></namesp8:ls></SOAP-ENV:Body></SOAP-ENV:Envelope>
      > HTTP/1.1 200 OK
      > Date: Tue, 10 Jul 2001 23:25:24 GMT
      > Server: libwww-perl-daemon/1.24
      > Content-Length: 1764
      > Content-Type: text/xml
      > Client-Date: Tue, 10 Jul 2001 22:27:12 GMT
      > Client-Peer: 128.61.33.168:5000
      > SOAPServer: SOAP::Lite/Perl/0.46
      >
      > <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope
      > xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
      > SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
      > xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"
      > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
      > xmlns:xsd="http://www.w3.org/1999/XMLSchema"><SOAP-
      ENV:Header><SOAPFTP
      > xsi:type="namesp2:SOAPFTP"/></SOAP-ENV:Header><SOAP-
      ENV:Body><namesp3:lsResponse
      > xmlns:namesp3="http://128.61.33.168/SOAPFTP"><s-gensym165
      > xsi:type="xsd:string">
      > </s-gensym165><s-gensym167 xsi:type="xsd:string"> Volume in drive C
      has
      > no label
      > </s-gensym167><s-gensym169 xsi:type="xsd:string"> Volume Serial
      Number
      > is 07D0-0812
      > </s-gensym169><s-gensym171 xsi:type="xsd:string"> Directory of
      C:\Perl
      > </s-gensym171><s-gensym173 xsi:type="xsd:string">
      > </s-gensym173><s-gensym175 xsi:type="xsd:string">.
      <DIR>
      > 05-22-01 2:01a .
      > </s-gensym175><s-gensym177 xsi:type="xsd:string">..
      <DIR>
      > 05-22-01 2:01a ..
      > </s-gensym177><s-gensym179 xsi:type="xsd:string">HTML
      <DIR>
      > 05-22-01 2:01a html
      > </s-gensym179><s-gensym181 xsi:type="xsd:string">LIB
      <DIR>
      > 05-22-01 2:01a lib
      > </s-gensym181><s-gensym183 xsi:type="xsd:string">SITE
      <DIR>
      > 05-22-01 2:01a site
      > </s-gensym183><s-gensym185 xsi:type="xsd:string">EG
      <DIR>
      > 05-22-01 2:01a eg
      > </s-gensym185><s-gensym187 xsi:type="xsd:string">BIN
      <DIR>
      > 05-22-01 2:01a bin
      > </s-gensym187><s-gensym189 xsi:type="xsd:string"> 0 file(s)
      > 0 bytes
      > </s-gensym189><s-gensym191 xsi:type="xsd:string"> 7 dir(s)
      > 65.95 MB free
      > </s-gensym191></namesp3:lsResponse></SOAP-ENV:Body></SOAP-
      ENV:Envelope>
      >
      >
      > finally, this is what the listing looks like:
      >
      > Volume in drive C has no label
      > Volume Serial Number is 07D0-0812
      > Directory of C:\Perl
      >
      > . <DIR> 05-22-01 2:01a .
      > .. <DIR> 05-22-01 2:01a ..
      > HTML <DIR> 05-22-01 2:01a html
      > LIB <DIR> 05-22-01 2:01a lib
      > SITE <DIR> 05-22-01 2:01a site
      > EG <DIR> 05-22-01 2:01a eg
      > BIN <DIR> 05-22-01 2:01a bin
      > 0 file(s) 0 bytes
      > 7 dir(s) 73.95 MB free
      >
      >
      > Jörg
    • Jörg Ziefle
      ... Any idea why I don t? :) Jörg
      Message 2 of 5 , Jul 10, 2001
      • 0 Attachment
        On Tue, Jul 10, 2001 at 11:11:32PM -0000, paulclinger@... wrote:

        > Anyway you should get proper decoded string on the other side.

        Any idea why I don't? :)

        Jörg
      • Paul Kulchenko
        Hi, Jörg! ... Only one possible reason that I see is that you re using XML::Parser::Lite instead of XML::Parser (if you don t have it) and ... it yourself.
        Message 3 of 5 , Jul 10, 2001
        • 0 Attachment
          Hi, J�rg!

          > > Anyway you should get proper decoded string on the other side.
          > Any idea why I don't? :)
          Only one possible reason that I see is that you're using
          XML::Parser::Lite instead of XML::Parser (if you don't have it) and
          ::Lite version doesn't support entity decoding yet. You can always do
          it yourself.

          You can check whether this is a case with:

          ref $s->deserializer->parser->parser;

          where $s is SOAP::Lite or SOAP::Server object.

          Let me know if it's something else.

          Best wishes, Paul.

          --- J�rg_Ziefle <joerg.ziefle@...> wrote:
          > On Tue, Jul 10, 2001 at 11:11:32PM -0000, paulclinger@...
          > wrote:
          >
          > > Anyway you should get proper decoded string on the other side.
          >
          > Any idea why I don't? :)
          >
          > J�rg
          >
          > To unsubscribe from this group, send an email to:
          > soaplite-unsubscribe@yahoogroups.com
          >
          >
          >
          > Your use of Yahoo! Groups is subject to
          > http://docs.yahoo.com/info/terms/
          >
          >


          __________________________________________________
          Do You Yahoo!?
          Get personalized email addresses from Yahoo! Mail
          http://personal.mail.yahoo.com/
        • Jörg Ziefle
          ... You got it. :| Thanks for clarifying, Jörg
          Message 4 of 5 , Jul 10, 2001
          • 0 Attachment
            On Tue, Jul 10, 2001 at 09:37:42PM -0700, Paul Kulchenko wrote:

            > Only one possible reason that I see is that you're using
            > XML::Parser::Lite instead of XML::Parser (if you don't have it).

            You got it. :|

            Thanks for clarifying,

            Jörg
          Your message has been successfully submitted and would be delivered to recipients shortly.