authorFlorent Le Coz <louiz@louiz.org>2015-02-26 04:58:07 +0100
committerFlorent Le Coz <louiz@louiz.org>2015-02-26 04:58:07 +0100
commit6a2240f5935a4608e651a33c39219e912c9ea9ba (patch)
tree04d22f820a94fa03875e282e27e6fa4429cf71e4
parent53e6b1da69199f54303e4cb2b00db3205f62ce6e (diff)
Properly sanitize everything in the XML we send to the XMPP server
in this order: - Make sure it is utf-8 encoded - Remove all chars that are invalid in XML - Escape all XML special chars (&'"<>)
-rw-r--r--src/xmpp/xmpp_stanza.cpp15
-rw-r--r--src/xmpp/xmpp_stanza.hpp1
2 files changed, 12 insertions, 4 deletions
diff --git a/src/xmpp/xmpp_stanza.cpp b/src/xmpp/xmpp_stanza.cpp
index 4290fc7..df19105 100644
--- a/src/xmpp/xmpp_stanza.cpp
+++ b/src/xmpp/xmpp_stanza.cpp
@@ -218,13 +218,12 @@ std::string XmlNode::to_string() const
std::string res("<");
res += this->name;
for (const auto& it: this->attributes)
- res += " " + utils::remove_invalid_xml_chars(it.first) + "='" +
- utils::remove_invalid_xml_chars(it.second) + "'";
+ res += " " + it.first + "='" + sanitize(it.second) + "'";
if (this->closed && !this->has_children() && this->inner.empty())
res += "/>";
else
{
- res += ">" + utils::remove_invalid_xml_chars(this->inner);
+ res += ">" + sanitize(this->inner);
for (const auto& child: this->children)
res += child->to_string();
if (this->closed)
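Review bot: The new attribute line writes `it.first` with no filtering at all, where the removed code at least passed it through `utils::remove_invalid_xml_chars`; the element name (`this->name` here, `this->get_name()` in the closing tag of the next hunk) is also written raw. `sanitize` would not be the right tool for a name, because escaping does not turn a string containing a space, `=` or `>` into a valid XML name, so any name that can originate outside the program needs to be validated and rejected rather than escaped. If names are only ever literals chosen by the code, say so at this line, e.g. `// element and attribute names are trusted constants; only attribute values and text are sanitized`. The body of to_string starts above this hunk, so where the names come from cannot be confirmed from here.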
@@ -232,7 +231,7 @@ std::string XmlNode::to_string() const
res += "</" + this->get_name() + ">";
}
}
- res += utils::remove_invalid_xml_chars(this->tail);
+ res += sanitize(this->tail);
return res;
}
@@ -265,3 +264,11 @@ std::string& XmlNode::operator[](const std::string& name)
{
return this->attributes[name];
}
+
+std::string sanitize(const std::string& data)
+{
+ if (utils::is_valid_utf8(data.data()))
+ return xml_escape(utils::remove_invalid_xml_chars(data));
+ else
+ return xml_escape(utils::remove_invalid_xml_chars(utils::convert_to_utf8(data, "ISO-8859-1")));
+}
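Review bot: In `sanitize`, `utils::is_valid_utf8(data.data())` passes a bare pointer, so if that helper takes a `const char*` (its declaration is not in this diff) validation stops at the first NUL byte and anything after an embedded NUL in the `std::string` reaches `remove_invalid_xml_chars` and `xml_escape` unchecked. Validating over the full `data.size()` would close that gap; failing that, a string containing `'\0'` could be routed to the conversion branch with `if (data.find('\0') == std::string::npos && utils::is_valid_utf8(data.data()))`. The two branches differ only in their input, so `const std::string& utf8 = valid ? data : converted;` followed by a single `return xml_escape(utils::remove_invalid_xml_chars(utf8));` would keep the filter-then-escape order in one place. A short comment should also state that this function is for raw text on output only, since applying it to text that is already escaped would escape the `&` a second time.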
diff --git a/src/xmpp/xmpp_stanza.hpp b/src/xmpp/xmpp_stanza.hpp
index 9229ae6..f1a6a0f 100644
--- a/src/xmpp/xmpp_stanza.hpp
+++ b/src/xmpp/xmpp_stanza.hpp
@@ -7,6 +7,7 @@
std::string xml_escape(const std::string& data);
std::string xml_unescape(const std::string& data);
+std::string sanitize(const std::string& data);
/**
* Represent an XML node. It has