Malformed XML can be passed to fancy_prompt.xul
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Eg: *
Osrf: *
Etc.: *
Since fancy_prompt.xul takes xml chunks as parameters it has to rely on callers to make sure that they pass valid xml; it can't simply wrap those parameters in <[CDATA[ blocks or call any escape functions against them. As an example: create a volume and include an ampersand in the label, then try to transfer it to another bib record. The result is an ugly XML error because copy_browser.js doesn't currently do anything special to acn entries.
Rather than play whack-a-mole with calls to fancy_prompt.xul, it looks like the best course of action right now is to make something like the xml_encode() function in server/
I wanted to get this bug posted in case someone has time to look at it. I wouldn't mind working on it at the hackaway, but there are a couple projects ahead of it in line. :)
Changed in evergreen: | |
status: | New → Won't Fix |