XML entities are not escaped during note save - /notes/ oopses
Bug #527374 reported by
Roman Yepishev
This bug affects 5 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ubuntu One Servers |
Fix Released
|
Critical
|
Rodrigo Moya | ||
Bug Description
STR:
1. Create a note with any title
2. Put unescaped &, or <tag> to the note.
3. Save the note.
4. Everything looks fine.
5. Now go to /notes/ url
Actual result:
OOPS:
* xmlParseEntityRef: no name.
* Opening and ending tag mismatch.
Expected result:
Everything works.
Reason:
&, <, and > are not escaped when saved to server couchdb. Upon reading the notes server parses the stored value and raises an exception.
Unforturnately I can't open any notes the error page is berfore
| visibility: | private → public |
| Changed in ubuntuone-servers: | |
| status: | New → Confirmed |
| importance: | Undecided → Critical |
| assignee: | nobody → Ubuntu One Desktop+ team (ubuntuone-desktop+) |
| tags: | added: desktop+ notes webui |
Revision history for this message
| Roman Yepishev (rye) wrote | #1 |
| Changed in ubuntuone-servers: | |
| assignee: | Ubuntu One Desktop+ team (ubuntuone-desktop+) → Rodrigo Moya (rodrigo-moya) |
| Changed in ubuntuone-servers: | |
| status: | Confirmed → In Progress |
| Changed in ubuntuone-servers: | |
| status: | In Progress → Fix Committed |
| description: | updated |
Revision history for this message
| Rodrigo Moya (rodrigo-moya) wrote | #2 |
| Changed in ubuntuone-servers: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Please note that the notes are _already_ stored in the broken format on u1 so the code will need to restore the entities properly on note sync / and web ui editing.