escape strings for writing XML [24] about openms HOT 11 CLOSED

OpenMS Developer Retraet 2014 Ticket Review:

Looks fixed! Please close it!

from openms.

is not fixed for mzML or mzXML at all. writeXMLEscape should be used instead of directly writing into the outstream

from openms.

Hi Hannes, I will set priority down from blocker to major. Do you know what still needs to be done?

from openms.

Im on vacation but basically we need to go through every line of every xml
writer systematically and identify instances where unsafe xml may be
written from a string and pipe it through an escape function. So far I only
fixed the most obvious cases of userparam and cv param and a few others

sent from my smartphone -- you may keep any typos you find.
On Feb 2, 2015 11:11 AM, "Timo Sachsenberg" [email protected]
wrote:

Hi Hannes, I will set priority down from blocker to major. Do you know
what still needs to be done?

—
Reply to this email directly or view it on GitHub
#24 (comment).

from openms.

Any progress on this? I changed state from major enhancement to minor defect.

from openms.

well if OpenMS writes invalid XML files that even OpenMS itself cannot read again, this is a major problem. I believe that we have fixed it many places now but so far all fixes have been "partial".

from openms.

We can also promote this to a major defect if you want but major enhancement was probably the wrong label. If we promote it to major then we should ideally have a plan or anybody willing to take the lead on this. Without looking at the code, would it be possible to wrap the operator to always call writeXMLEscape ?

from openms.

yes, that might be an idea but it seems very invasive

On Wed, Nov 9, 2016 at 1:14 AM, Timo Sachsenberg [email protected]
wrote:

We can also promote this to a major defect if you want but major
enhancement was probably the wrong label. If we promote it to major then we
should ideally have a plan or anybody willing to take the lead on this.
Without looking at the code, would it be possible to wrap the operator to
always call writeXMLEscape ?

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#24 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AAcUjr85biLo_56NT4msoZrwOYN0Gt8Gks5q8Y8TgaJpZM4BYf0j
.

from openms.

not sure if thats a good idea.
I remember fixing some formats, and I vaguely recall an issue with
double escaping. Apart from that, its overhead :)

Am 11/10/2016 um 12:32 AM schrieb Hannes Roest:

yes, that might be an idea but it seems very invasive

On Wed, Nov 9, 2016 at 1:14 AM, Timo Sachsenberg [email protected]
wrote:

We can also promote this to a major defect if you want but major
enhancement was probably the wrong label. If we promote it to major
then we
should ideally have a plan or anybody willing to take the lead on this.
Without looking at the code, would it be possible to wrap the operator to
always call writeXMLEscape ?

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#24 (comment),
or mute
the thread

https://github.com/notifications/unsubscribe-auth/AAcUjr85biLo_56NT4msoZrwOYN0Gt8Gks5q8Y8TgaJpZM4BYf0j
.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#24 (comment), or
mute the thread
https://github.com/notifications/unsubscribe-auth/AFuvkrmbQI2dHd1K9SQ5JtENcuY7zjfDks5q8lghgaJpZM4BYf0j.

from openms.

closing this, this there seems to be no immediate problem.

from openms.

@cbielow given that the latest bugfix for this issue was less then 16 days ago, this seems optimistic #3321

from openms.