Subject: escaping XML "rdf:about" attribute in RDFXML serializer
Hi Gregory,
I noticed a small bug in the RDFXML serializer
(RDF/Trine/Serializer/RDFXML.pm):
Values of the rdf:about XML attribute are not properly escaped for the
chars [&<"]. I've attached a patch which you can apply with
$ patch RDF/Trine/RDFXML.pm RDFXML.pm.patch
Below is a small example output file demonstrating the error. The
ampersand is properly escaped in the value for "rdf:resource", but not
in the value for "rdf:about".
--- BEGIN QUOTE ---
<?xml version="1.0" encoding="utf-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:sio="http://semanticscience.org/resource/">
<rdf:Description
rdf:about="http://dev.biordf.net/~benv/cgi-bin/flybase/sequence?id=4&strand=1">
<sio:SIO_000210
rdf:resource="http://dev.biordf.net/~benv/cgi-bin/flybase/strand?id=4&amp;strand=1"/>
</rdf:Description>
</rdf:RDF>
-- END QUOTE --
Subject: RDFXML.pm.patch
*** /usr/local/share/perl/5.10.1/RDF/Trine/Serializer/RDFXML.pm 2011-04-30 16:24:44.000000000 -0700
--- lib/RDF/Trine/Serializer/RDFXML.pm 2011-07-29 16:41:22.000000000 -0700
***************
*** 162,171 ****
--- 162,176 ----
if ($s->isa('RDF::Trine::Node::Blank')) {
my $b = $s->blank_identifier;
$id = qq[rdf:nodeID="$b"];
} else {
my $i = $s->uri_value;
+ for ($i) {
+ s/&/&/g;
+ s/</</g;
+ s/"/"/g;
+ }
$id = qq[rdf:about="$i"];
}
my $counter = 1;
my %namespaces = %{ $self->{namespaces} };
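Review bot: In the added `for ($i)` loop, the three substitutions as displayed (`s/&/&/g`, `s/</</g`, `s/"/"/g`) replace each character with itself, so the replacement entities appear to have been decoded somewhere between the attachment and this page. Before applying, confirm against the raw attachment that the right-hand sides are `&amp;`, `&lt;` and `&quot;`, and keep the `&` substitution first so the ampersands introduced by the other two are not escaped a second time. The escaping is also open-coded at this one call site, while the report's sample output shows that rdf:resource values are already escaped elsewhere in the serializer; routing rdf:about through the same escaping code would keep the two attributes consistent. A regression test that serializes a subject URI containing `&` and then parses the result as XML would cover this case.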