New submission from Kyle Keating <[email protected]>:
I was doing some tests on using this library and I noticed xml elements and
attribute names could be created with mal-formed xml because special characters
which can break validation are not cleaned or converted from their literal
forms. Only the attribute values are cleaned, but not the names.
For example
import xml.dom
...
doc.createElement("p></p>")
...
will just embed a pair of p tags in the xml result. I thought that the xml spec
did not permit <, >, &, \n etc. in the element name or attribute name? Could I
get some clarification on this, thanks!
----------
components: Library (Lib)
messages: 136402
nosy: Kyle.Keating
priority: normal
severity: normal
status: open
title: Document Object Model API - validation
type: behavior
versions: Python 2.7
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue12129>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
