Opened 11 years ago

Closed 11 years ago

#1038 closed Bugs (fixed)

"<" and ">" should be excaped in xml_oarchive

Reported by: r.buergel@… Owned by: Robert Ramey
Milestone: Boost 1.36.0 Component: serialization
Version: Severity: Cosmetic
Keywords: Cc:


Using templates in BOOST_CLASS_EXPORT fails for XML Archives, because the characters "<" and ">" enclosing the template-parameters aren't escaped. Using templates for other Archives works, so this should be corrected for XML Archives. The xml_iarchive is already correct and understands &gt; respective &lt;.

I could reproduce the bug for Boost 1.33.1 and 1.34.0. I'll append a testcase, where the Bug should be reproducable and a patch to fix it.

Yours sincerely, René Bürgel

Attachments (2)

Test.cpp (1.2 KB) - added by r.buergel@… 11 years ago.
300-writing-lt-gt.patch (369 bytes) - added by r.buergel@… 11 years ago.

Download all attachments as: .zip

Change History (10)

Changed 11 years ago by r.buergel@…

Attachment: Test.cpp added


Changed 11 years ago by r.buergel@…

Attachment: 300-writing-lt-gt.patch added


comment:1 Changed 11 years ago by Eric Niebler

Owner: set to Robert Ramey

comment:2 Changed 11 years ago by Robert Ramey

"Using templates for other Archives works, so this should be corrected for XML Archives."

I can't see how this would be true. I'll look into it

Robert Ramey

comment:3 in reply to:  2 Changed 11 years ago by r.buergel@…

Did you find some time for it?

comment:4 Changed 11 years ago by Robert Ramey

Resolution: fixed
Status: newclosed

I've examined your test case, which boils down to:

typedef B<int> bint; BOOST_CLASS_EXPORT( B<int> )

With your suggestion, this would generate xml that looks like;

<B&lt;int&gt; ...>...</B&lt;int&gt;>

Is this legal xml?

Assuming it is, is this good idea?

Without making a better case for this, I would be disinclined to alterh the library.

Robert Ramey

comment:5 Changed 11 years ago by r.buergel@…

Resolution: fixed
Status: closedreopened

It looks like we're talking about two different things here.

The suggested patch just changed the generated xml from <b class_id="1" class_name="B<int>" ...> to <b class_id="1" class_name="B&lt;int&gt;" ...>

I'm not sure, if class_name="B<int>" is valid XML, but i think so. At least it is unambiguous, because the angle brackets are enclosed by quotation marks. So, at a closer look, the xml-parser may be the real cause of the problem and my patch is more the workaround for this.

The case you are describing above doesn't come from using "BOOST_CLASS_EXPORT ( B<int> )", but from "ar & BOOST_SERIALIZATION_BASE_OBJECT_NVP( B<int> )". I added it to my testcase and at a quick view, that also seems to work for other archive types like text_archive, but fails for xml_archives. But for that case, the xml_oarchive fails, not the iarchive. So it is recognized when writing the serialization, and not until reading it.

I'd like to find a solution here. In the best case, the xml-reader is fixed to read class_name="B<int>", IF that is valid xml. But at least, the xml_oarchive should not be able to create archives, that can't be read by the xml_iarchive.

comment:6 Changed 11 years ago by r.buergel@…

Ok, i looked it up in the XML specs ( ), what is valid xml and what not.

<b class_id="1" class_name="B<int>" ...> is invalid, because the left angle bracket is forbidden in attribute values. The escaped variant <b class_id="1" class_name="B&lt;int&gt;" ...> is valid.

The case you described above ( <B&lt;int&gt; ...>...</B&lt;int&gt;> ) is clearly invalid. But it didn't work before my patch and it doesn't work after applying it, because the xml_oarchive throws an exception, which states "Unrecognized XML Syntax".

So, currently it is possible to write invalid xml with you archive without getting trapped. But reading that invalid xml-file causes the application to fail.

comment:7 Changed 11 years ago by Robert Ramey


First, thanks for spending time on this. We're now at the point where you've looked at it more deeply than I have. Does your patch:

a) create class_name="B&lt;int&gt" on output b) and permit class_name="B&lt;int&gt" in input? c) trap usage of < and > in variable names on output?

If not, can it be enhanced to do so? This to me would be a definitive solution to the the problem and guarentee that any archive that is successfully written with xml_oarchive can be successfully read by xml_iarchive - which is where I want the real situation to be.

Robert Ramey

Would this not resolve the issue

comment:8 Changed 11 years ago by Robert Ramey

Milestone: To Be DeterminedBoost 1.36.0
Resolution: fixed
Status: reopenedclosed

OK, you've convinced me. I'm putting it in and testing it.

Robert Ramey

Modify Ticket

Change Properties
Set your email in Preferences
as closed The owner will remain Robert Ramey.
The resolution will be deleted.

Add Comment

E-mail address and name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.