From f6599c5164800e9b6fe8a85e6e2bc54fdf2f952a Mon Sep 17 00:00:00 2001 From: Alex Henrie Date: Mon, 2 May 2016 22:29:59 -0600 Subject: [PATCH] Fix XSD validation of URIs with ampersands For https://bugzilla.gnome.org/show_bug.cgi?id=709171 This makes xmlSchemaSAXHandleStartElementNs pass attributes through xmlStringDecodeEntities, similar to how xmlSchemaVDocWalk passes them through xmlNodeListGetString. --- xmlschemas.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/xmlschemas.c b/xmlschemas.c index ed6008026..ee22a6da8 100644 --- a/xmlschemas.c +++ b/xmlschemas.c @@ -27382,10 +27382,17 @@ xmlSchemaSAXHandleStartElementNs(void *ctx, for (j = 0, i = 0; i < nb_attributes; i++, j += 5) { /* - * Duplicate the value. + * Duplicate the value, changing any & to a literal ampersand. + * + * libxml2 differs from normal SAX here in that it escapes all ampersands + * as & instead of delivering the raw converted string. Changing the + * behavior at this point would break applications that use this API, so + * we are forced to work around it. There is no danger of accidentally + * decoding some entity other than & in this step because without + * unescaped ampersands there can be no other entities in the string. */ - value = xmlStrndup(attributes[j+3], - attributes[j+4] - attributes[j+3]); + value = xmlStringLenDecodeEntities(vctxt->parserCtxt, attributes[j+3], + attributes[j+4] - attributes[j+3], XML_SUBSTITUTE_REF, 0, 0, 0); /* * TODO: Set the node line. */