author | Florent Le Coz <louiz@louiz.org> | 2015-02-26 04:58:07 +0100 |
---|---|---|
committer | Florent Le Coz <louiz@louiz.org> | 2015-02-26 04:58:07 +0100 |
commit | 6a2240f5935a4608e651a33c39219e912c9ea9ba (patch) | |
tree | 04d22f820a94fa03875e282e27e6fa4429cf71e4 | |
parent | 53e6b1da69199f54303e4cb2b00db3205f62ce6e (diff) | |
Properly sanitize everything in the XML we send to the XMPP server
in this order:
- Make sure it is utf-8 encoded
- Remove all chars that are invalid in XML
- Escape all XML special chars (&'"<>)
-rw-r--r-- | src/xmpp/xmpp_stanza.cpp | 15 | ||||
-rw-r--r-- | src/xmpp/xmpp_stanza.hpp | 1 |
2 files changed, 12 insertions, 4 deletions
diff --git a/src/xmpp/xmpp_stanza.cpp b/src/xmpp/xmpp_stanza.cpp
index 4290fc7..df19105 100644
--- a/src/xmpp/xmpp_stanza.cpp
+++ b/src/xmpp/xmpp_stanza.cpp
@@ -218,13 +218,12 @@ std::string XmlNode::to_string() const
 std::string res("<");
 res += this->name;
 for (const auto& it: this->attributes)
- res += " " + utils::remove_invalid_xml_chars(it.first) + "='" +
- utils::remove_invalid_xml_chars(it.second) + "'";
+ res += " " + it.first + "='" + sanitize(it.second) + "'";
 if (this->closed && !this->has_children() && this->inner.empty())
 res += "/>";
 else
 {
- res += ">" + utils::remove_invalid_xml_chars(this->inner);
+ res += ">" + sanitize(this->inner);
 for (const auto& child: this->children)
 res += child->to_string();
 if (this->closed)
@@ -232,7 +231,7 @@ std::string XmlNode::to_string() const
 res += "</" + this->get_name() + ">";
 }
 }
- res += utils::remove_invalid_xml_chars(this->tail);
+ res += sanitize(this->tail);
 return res;
 }
@@ -265,3 +264,11 @@ std::string& XmlNode::operator[](const std::string& name)
 {
 return this->attributes[name];
 }
+
+std::string sanitize(const std::string& data)
+{
+ if (utils::is_valid_utf8(data.data()))
+ return xml_escape(utils::remove_invalid_xml_chars(data));
+ else
+ return xml_escape(utils::remove_invalid_xml_chars(utils::convert_to_utf8(data, "ISO-8859-1")));
+}
diff --git a/src/xmpp/xmpp_stanza.hpp b/src/xmpp/xmpp_stanza.hpp
index 9229ae6..f1a6a0f 100644
--- a/src/xmpp/xmpp_stanza.hpp
+++ b/src/xmpp/xmpp_stanza.hpp
@@ -7,6 +7,7 @@
 std::string xml_escape(const std::string& data);
 std::string xml_unescape(const std::string& data);
+std::string sanitize(const std::string& data);
 /**
 * Represent an XML node. It has |
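Review bot: In the attribute loop of `XmlNode::to_string()`, the attribute name `it.first` is now written with no filtering at all, whereas the removed lines at least passed it through `utils::remove_invalid_xml_chars`; only the value goes through `sanitize`. `operator[]` in this file accepts any string as a name, so if a name can ever carry remote data, whitespace, a quote or `>` in it would alter the structure of the emitted stanza. Escaping a name is not meaningful, so either state in a comment that names must be code constants, or keep the old filter: `res += " " + utils::remove_invalid_xml_chars(it.first) + "='" + sanitize(it.second) + "'";`. The element name (`this->name`, `get_name()`) is likewise emitted as-is, and the function starts above this hunk.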
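Review bot: `sanitize(this->tail)` escapes at serialisation time, so `tail` (and `inner` and the attribute values in the first hunk) must be held unescaped, otherwise they are encoded twice and `&` reaches the server as `&amp;amp;`. The setters are outside this diff, but the header exports both `xml_escape` and `xml_unescape`, which suggests some members may already be stored in escaped form; this needs confirming. If they are, the escaping should happen in exactly one place, and a member comment such as `// stored raw; escaped once in to_string()` would keep it that way.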
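Review bot: In the new `sanitize()`, `utils::is_valid_utf8(data.data())` is handed a bare `const char*`, so, assuming it scans a NUL-terminated string (its signature is not in this diff), validation stops at the first embedded NUL while `remove_invalid_xml_chars(data)` and `xml_escape` then process the whole `std::string`. Bytes after a NUL would reach the XMPP stream without being checked or converted, and non-UTF-8 output is typically a fatal stream error on the receiving side. Validating the full length, or treating a string that contains `'\0'` as not valid, closes the gap: `if (data.find('\0') == std::string::npos && utils::is_valid_utf8(data.data()))`. The two branches differ only in their input, so the strip-and-escape chain could also be written once.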
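Review bot: The new `sanitize` declaration in `xmpp_stanza.hpp` has no comment, and the name alone does not tell a caller which encoding and escaping it guarantees, or that it must not be applied to text that is already escaped. I would add above it: `/** Return data as UTF-8 with characters invalid in XML removed and &'"<> escaped. Expects raw, unescaped input. */`. As a free function with a very generic name at global scope in a public header, it may also deserve a more specific name or a namespace.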