[cmake-developers] CTest XML outputs unsafe content

Daniel Pfeifer daniel at pfeifer-mail.de
Thu Aug 27 17:02:40 EDT 2015


On Thu, Aug 27, 2015 at 3:34 PM, Brad King <brad.king at kitware.com> wrote:
> On 08/27/2015 07:20 AM, Mathieu MARACHE wrote:
>> I'm maintaining a CTest output parser for Bamboo. It was reported to me that
>> CMake 3.3.1 produced parsing issues in my plugin. After digging into CMake
>> source code, it seems that a bug was introduced with the replacement of
>> direct use of cmXMLSafe and std::ostream in favor of cmXMLWriter.
>
> For reference, the changes were here:
>
>  Merge topic 'ctest-xml-refactor'
>  http://www.cmake.org/gitweb?p=cmake.git;a=commit;h=0c24c231
>
>> cmXMLWriter is, I assume wrongly, outputting Safe content without
>> (quotes, etc.) escaping.
>
> The SafeContent method is for text inside an element like
>
>  <Element>ContentHere</Element>
>
> The SafeAttribute method is for text inside an element attribute
>
>  <Element attr="AttributeHere"/>
>
> The latter needs quotes to be encoded as "&quot;" but the former
> does not:
>
>  http://www.w3.org/TR/xml11/#syntax
>
> Have you found an attribute value that does not encode quotes?

The proposed patch enables the encoding of quotes in content. This
does not seem correct to me.

I saw cmXMLSafe is used in some places inside CTest.
Since escaping is handled by cmXMLWriter, this may lead to some double
encodings.

I have attached two patches that remove all uses of cmXMLSafe from CTest.

-- Daniel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-remove-unused-cmXMLSafe-includes.patch
Type: text/x-patch
Size: 2232 bytes
Desc: not available
URL: <http://public.kitware.com/pipermail/cmake-developers/attachments/20150827/6b867063/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-remove-all-usage-of-cmXMLSafe-from-CTest.patch
Type: text/x-patch
Size: 3986 bytes
Desc: not available
URL: <http://public.kitware.com/pipermail/cmake-developers/attachments/20150827/6b867063/attachment-0003.bin>
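
The content/attribute distinction and the double-encoding concern discussed in this message, as an added example that is not part of the original e-mail, the attached patches, or CMake's source. The helper names (`escapeContent`, `escapeAttribute`, `writeElement`) are hypothetical and stand in for any writer that escapes on output; the sample string is constructed.

```cpp
#include <iostream>
#include <string>

// Hypothetical helpers for illustration; not CMake's cmXMLSafe or cmXMLWriter.
static std::string escape(const std::string& in, bool inAttribute) {
  std::string out;
  for (char c : in) {
    switch (c) {
      case '&': out += "&amp;"; break;
      case '<': out += "&lt;"; break;
      case '>': out += "&gt;"; break;
      case '"':
        // A literal quote would end a double-quoted attribute value early;
        // in element content it is ordinary character data.
        if (inAttribute) out += "&quot;"; else out += c;
        break;
      default: out += c;
    }
  }
  return out;
}

std::string escapeContent(const std::string& s) { return escape(s, false); }
std::string escapeAttribute(const std::string& s) { return escape(s, true); }

// Minimal writer that escapes exactly once, at the point of output.
std::string writeElement(const std::string& name, const std::string& attr,
                         const std::string& text) {
  return "<" + name + " attr=\"" + escapeAttribute(attr) + "\">" +
         escapeContent(text) + "</" + name + ">";
}

int main() {
  const std::string raw = "say \"hi\" & exit <1>";  // constructed sample
  std::cout << writeElement("Element", raw, raw) << "\n";
  // Pre-escaping before handing text to a writer that also escapes
  // turns "&lt;" into "&amp;lt;", so a parser decodes it to "&lt;".
  std::cout << writeElement("Element", "", escapeContent(raw)) << "\n";
  return 0;
}
```

A consumer that sees `&amp;lt;` in the second line of output has received double-encoded text: the caller escaped once and the writer escaped again.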

