-
Sep 7th, 2011, 01:00 PM
#1
[RESOLVED] Sanitizing comments field
I call a method in a library which needs to receive XML. One of the fields in this XML is called "usercomments" where the user can enter free form text from the front-end. Some of our users have figured out a way of crashing the system.
When certain hexadecimal characters make their way to the database, the method in the library fails.
This is the kind of error that I receive when the field is passed to the XML parser.
PHP Code:
System.ArgumentException occurred
Message='', hexadecimal value 0x13, is an invalid character.
Source=System.Xml
StackTrace:
at System.Xml.XmlEncodedRawTextWriter.InvalidXmlChar(Int32 ch, Char* pDst, Boolean entitize)
at System.Xml.XmlEncodedRawTextWriter.WriteElementTextBlock(Char* pSrc, Char* pSrcEnd)
at System.Xml.XmlEncodedRawTextWriter.WriteString(String text)
at System.Xml.XmlEncodedRawTextWriterIndent.WriteString(String text)
at System.Xml.XmlWellFormedWriter.WriteString(String text)
at System.Xml.XmlWriter.WriteElementString(String localName, String ns, String value)
at System.Xml.XmlWriter.WriteElementString(String localName, String value)
at Ax.Frameworks.BOF.VOBase.WriteXMLElement(gt db, XmlWriter xmlWriter, bz dbFldInfos, a0 p, Type type, BOFDbTblAttribute dbTbl, Boolean excludeKeyFields)
at Ax.Frameworks.BOF.VOBase.ToXML(gt db, XmlWriter xmlWriter, Boolean excludeKeyFields)
at Ax.Frameworks.BOF.VOBaseCollection.ToXML(gt db, XmlWriter xmlWriter, Boolean excludeKeyFields)
at Ax.Frameworks.BOF.VOBase.WriteXMLElement(gt db, XmlWriter xmlWriter, bz dbFldInfos, a0 p, Type type, BOFDbTblAttribute dbTbl, Boolean excludeKeyFields)
at Ax.Frameworks.BOF.VOBase.ToXML(gt db, XmlWriter xmlWriter, Boolean excludeKeyFields)
at Ax.Frameworks.BOF.VOBase.ToXML(gt db, XmlWriter xmlWriter)
at Ax.Frameworks.BOF.VOBase.ToXML(Boolean includeEncoding)
at Ax.Frameworks.BOF.VOBase.ToXML()
at AxPartyClass.AxPartyC.SetPartyContainer(String iPartyType) in PartyC.cs:line 233
InnerException:
Is there some kind of method in C# that will sanitize this and remove all the invalid hexadecimal characters from the text fields, so that I can do a cleanup of the comments field?
By invalid hexadecimal characters, I mean those characters which the XML parser won't be able to parse. I don't have a list of which characters break the library and which don't.
Everything that has a computer in will fail. Everything in your life, from a watch to a car to, you know, a radio, to an iPhone, it will fail if it has a computer in it. They should kill the people who made those things.- 'Woz'
-
Sep 7th, 2011, 02:14 PM
#2
Re: Sanitizing comments field
Can you pass it through as CDATA rather than the value of a node?
-tg
-
Sep 7th, 2011, 02:21 PM
#3
Re: Sanitizing comments field
CDATA is not a possibility for now, but I did find something online, that I can use.
You can clean up your XML using a function like this.
PHP Code:
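// Requires: using System.Text; (for StringBuilder)
public static string XmlCharacterWhitelist(string inString)
{
    if (inString == null) return null;

    var sbOutput = new StringBuilder();
    foreach (var ch in inString)
    {
        // Keep only UTF-16 code units in the XML 1.0 character ranges,
        // plus tab, line feed and carriage return.
        // Surrogate code units (0xD800-0xDFFF) fall outside these ranges
        // and are removed along with the control characters.
        if ((ch >= 0x0020 && ch <= 0xD7FF) ||
            (ch >= 0xE000 && ch <= 0xFFFD) ||
            ch == 0x0009 ||
            ch == 0x000A ||
            ch == 0x000D)
        {
            sbOutput.Append(ch);
        }
    }
    return sbOutput.ToString();
}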
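An added example, not part of the original thread: a variant of the whitelist in post #3 that also keeps valid surrogate pairs (characters above U+FFFF, which XML 1.0 allows) by using the framework's `XmlConvert.IsXmlChar` and `XmlConvert.IsXmlSurrogatePair`, then writes the result through `XmlWriter` as the failing library does. The class name, method name and sample comment are assumptions constructed for illustration.

```csharp
using System;
using System.IO;
using System.Text;
using System.Xml;

public static class XmlTextSanitizer   // hypothetical name, not from the thread
{
    // Keeps every character XML 1.0 allows, including valid surrogate pairs
    // (U+10000 and above), and drops everything else.
    public static string Sanitize(string input)
    {
        if (input == null) return null;
        var sb = new StringBuilder(input.Length);
        for (int i = 0; i < input.Length; i++)
        {
            char ch = input[i];
            // IsXmlSurrogatePair takes the low surrogate first, then the high one.
            if (i + 1 < input.Length && XmlConvert.IsXmlSurrogatePair(input[i + 1], ch))
            {
                sb.Append(ch).Append(input[i + 1]);
                i++;   // the low surrogate has been consumed as well
            }
            else if (!char.IsSurrogate(ch) && XmlConvert.IsXmlChar(ch))
            {
                sb.Append(ch);
            }
            // Otherwise: control character, U+FFFE/U+FFFF or lone surrogate; dropped.
        }
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed sample: 0x13 (the value from the stack trace), an emoji
        // (surrogate pair), a lone high surrogate, and a tab.
        string comment = "ok\u0013 \U0001F600 bad\uD83D end\tdone";
        string clean = Sanitize(comment);

        var sw = new StringWriter();
        using (var writer = XmlWriter.Create(sw))
        {
            // With the raw comment this call throws ArgumentException.
            writer.WriteElementString("usercomments", clean);
        }
        Console.WriteLine(sw.ToString());
    }
}
```

Sanitizing at the point where the XML is written also covers rows that already reached the database with invalid characters in them.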