[Libosinfo] [PATCH] osinfo-install-script: read config values as strings
Giuseppe Scrivano
gscrivan at redhat.com
Mon Mar 17 16:00:16 UTC 2014
Christophe Fergeau <cfergeau at redhat.com> writes:
>> Solves this problem:
>>
>> $ osinfo-install-script rhel6.5 -c "admin-password=a&b"
>> error : unterminated entity reference b
>
>
> Shouldn't we be XML-escaping user-input instead (
> xmlEncodeEntitiesReentrant() ) ?
the same would happen, for example, if the password is generated
randomly. If you try enough times the same command without the
'-c "admin-password=a&b"' part, you will hit the same problem at some
point. I think it is safer to fix it at this level.
Regards,
Giuseppe
More information about the Libosinfo
mailing list