I came across this today, while helping a customer. The following will happily create a piece of XML with an embedded ^A:

   select xmlelement(name foo, null, E'abc\x01def');

Now, a ^A is totally forbidden in XML version 1.0, and allowed but only as "&#x01;" or equivalent in XML version 1.1, and not as a 0x01 byte (see <http://en.wikipedia.org/wiki/XML#Valid_characters>).

ISTM this is something we should definitely try to fix ASAP, even if we probably can't backpatch the fix.

(Interestingly, the software that runs my PostgreSQL blog, Serendipity, appears to have a similar bug, at least in the version Devrim is using, having cheerfully embedded a ^L in its RSS feed a few days ago, thus causing planet.postgresql.org to blow up.)

cheers

andrew

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
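
Added example, not part of the original message and not PostgreSQL code: a Python sketch of the character check an XML serializer needs, using the Char and RestrictedChar productions from the XML 1.0 and 1.1 specifications, plus a check that a conforming parser (expat) rejects the document the query above produces. The function names and the sample string are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

def is_xml10_char(cp):
    # XML 1.0 Char: #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
    return (cp in (0x9, 0xA, 0xD) or 0x20 <= cp <= 0xD7FF
            or 0xE000 <= cp <= 0xFFFD or 0x10000 <= cp <= 0x10FFFF)

def is_xml11_char(cp):
    # XML 1.1 Char: [#x1-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
    return 0x1 <= cp <= 0xD7FF or 0xE000 <= cp <= 0xFFFD or 0x10000 <= cp <= 0x10FFFF

def is_xml11_restricted(cp):
    # XML 1.1 RestrictedChar: legal only when written as a character reference
    return (0x1 <= cp <= 0x8 or 0xB <= cp <= 0xC or 0xE <= cp <= 0x1F
            or 0x7F <= cp <= 0x84 or 0x86 <= cp <= 0x9F)

_ENTITIES = {"&": "&amp;", "<": "&lt;", ">": "&gt;"}

def escape_text(text, version="1.0"):
    """Escape element content, rejecting or referencing forbidden characters."""
    out = []
    for offset, ch in enumerate(text):
        cp = ord(ch)
        allowed = is_xml10_char(cp) if version == "1.0" else is_xml11_char(cp)
        if not allowed:
            raise ValueError(f"U+{cp:04X} at offset {offset} not allowed in XML {version}")
        if ch in _ENTITIES:
            out.append(_ENTITIES[ch])
        elif version == "1.1" and is_xml11_restricted(cp):
            out.append(f"&#x{cp:X};")  # e.g. ^A becomes &#x1;
        else:
            out.append(ch)
    return "".join(out)

def parser_accepts(document):
    """True if a conforming XML 1.0 parser (expat) accepts the document."""
    try:
        ET.fromstring(document)
        return True
    except ET.ParseError:
        return False

if __name__ == "__main__":
    sample = "abc\x01def"  # constructed: same value as the SQL literal above
    print(parser_accepts(f"<foo>{sample}</foo>"))  # raw 0x01 embedded in the element
    print(escape_text(sample, version="1.1"))
```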