Bug #27148 for XML-Generator: Not allowed entities

> Wed May 16 05:29:41 2007: Request 27148 was acted upon. > Transaction: Ticket created by estrai > Queue: XML-Generator > Subject: Not allowed entities > Broken in: 0.99 > Severity: Important > Owner: Nobody > Requestors: estrai@estrai.com > Status: new > Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=27148 > > > > XML output is not parsed correctly when some not allowed entities are > used, for example "&something;" > > To reproduce this problem try: > perl -MXML::Generator -le 'my $xg=XML::Generator->new(escape=>always); > print $xg->foo({bar=>"foo foo &bar; foo foo"}, "boo moo foo");' > <foo bar="foo foo &bar; foo foo">boo moo foo</foo> > > perl -MXML::Simple -le 'XMLin( q{<foo bar="foo foo &bar; foo foo">boo > moo foo</foo>} )' > > undefined entity at line 1, column 0, byte 0 at > /opt/perl-5.8.6/lib/site_perl/5.8.6/i686-linux-thread-multi/XML/Parser.pm > line 187 > > It occures in body part (<foo>&bar;</foo>) as well > > It not includes entities like &#xxx; > > My sugestion to fix this problem: > > my %ENTITIES = ( # Entities allowed > quot => 1, > apos => 1, > lt => 1, > gt => 1, > amp => 1, > ); > > > $_[0] =~ s/&(.+?);/ $ENTITIES{$1} && "#" ne substr($1, 0, 1) > ? "&$1;" > : "&amp;$1;"/ge; > > > >

> Daniel, > > It's actually a feature, though I can see how it might cause problems > for you. Because XML::Generator generates independent snippets of XML > that can be glued together later, it doesn't know which additional > entities may be defined in an external or internal DTD. Automatically > escaping unrecognized entities would then make it impossible to generate > them unless I added an argument to the constructor to allow additional > entities not to escape to be specified. I will consider that.