[Mono-bugs] [Bug 333699] New: SecurityElement. FromString does not support character entity references

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Sun Oct 14 04:00:56 EDT 2007


           Summary: SecurityElement.FromString does not support character
                    entity references
           Product: Mono: Class Libraries
           Version: 1.2
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: CORLIB
        AssignedTo: mono-bugs at ximian.com
        ReportedBy: gert.driesen at pandora.be
         QAContact: mono-bugs at ximian.com
          Found By: ---

SecurityElement.FromString is unable load XML containing character entity
references (eg. <).

Apparently, the SmallXmlParser which is used by SecurityElement.FromString to
parse the XML resolved character entity references and assigns the content to
SecurityElement.Text (which rejects '<', '>' characters).

To reproduce, compile and run the following code snippet:

using System;
using System.Security;

class Program
  static void Main ()
    SecurityElement values = new SecurityElement ("values");

    SecurityElement infoValue = new SecurityElement ("value");
    infoValue.AddAttribute ("name", "string");
    infoValue.Text = SecurityElement.Escape ("<'Suds' & \"Soda\">!");
    values.AddChild (infoValue);

    SecurityElement sec = SecurityElement.FromString (values.ToString ());
    foreach (SecurityElement child in sec.Children)
      Console.WriteLine (child.Tag + " => " + child.Text);

Expected result:

value => <'Suds' & "Soda">!

Actual result:

Unhandled Exception: System.Security.XmlSyntaxException: Invalid XML. --->
System.ArgumentException: Invalid XML string: <'Suds' & "Soda">!
  at System.Security.SecurityElement.set_Text (System.String value) [0x00000] 
  at Mono.Xml.SecurityParser.OnChars (System.String ch) [0x00000] 
  at Mono.Xml.SmallXmlParser.HandleBufferedContent () [0x00000] 
  at Mono.Xml.SmallXmlParser.ReadContent () [0x00000] 
  at Mono.Xml.SmallXmlParser.Parse (System.IO.TextReader input, IContentHandler
handler) [0x00000] 
  at Mono.Xml.SecurityParser.LoadXml (System.String xml) [0x00000] 
  at System.Security.SecurityElement.FromString (System.String xml) [0x00000]
--- End of inner exception stack trace ---

  at System.Security.SecurityElement.FromString (System.String xml) [0x00000] 
  at Program.Main () [0x00000]

Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the mono-bugs mailing list