#15602 closed defect (fixed)

wxSVGFileDC doesn't quote special XML characters in DrawText()

Reported by: ludo Owned by:
Priority: normal Milestone:
Component: GUI-all Version:
Keywords: simple Cc:
Blocked By: Blocking:
Patch: no

Description

if wxSVG::DrawText() is called with a string containing '<' or '>' or possibly other xml illegal characters, they are not being replaced by xml special codes. They end up as such in the output svg file, and break svg (or xml) parsing by web navigators.
I am using wxWidgets (latest version) on Windows7

Attachments (3)

dcsvg.patch download (196 bytes) - added by ludo 12 months ago.
dcsvg.cpp download (20.4 KB) - added by ludo 12 months ago.
dcsvg_old.cpp download (20.3 KB) - added by ludo 12 months ago.

Download all attachments as: .zip

Change History (7)

comment:1 Changed 12 months ago by vadz

  • Component changed from wxMSW to GUI-all
  • Keywords simple added
  • Status changed from new to confirmed
  • Summary changed from wxsvgdc has a problem if input string contains xml illegal characters to wxSVGFileDC doesn't quote special XML characters in DrawText()

Yes, we definitely should escape this text here. And we even already have the code to do it in wxMarkupParser::Quote(), see
source:wxWidgets/trunk/include/wx/private/markupparser.h. So we just need to insert the call to this function to wxSVGFileDCImpl::DoDrawRotatedText(). If you can do this, test that it works and submit a patch with this change, it would be great.

Changed 12 months ago by ludo

Changed 12 months ago by ludo

Changed 12 months ago by ludo

comment:2 Changed 12 months ago by ludo

Thank you for the guidance. It worked exactly as you wrote it. I attached a patch generated with ExamDiff, and as I am not used to it, just in case the patch cannot be used, the old and the new version. Thanks again for being so precise.
Ludovic Aubert

comment:3 Changed 12 months ago by vadz

Thanks, the patch indeed can't be used because you must make them in unified diff format as explained in HowToSubmitPatches and include the full file path, but it's simple enough to be applied manually.

FWIW I'm sure that any decent diff viewer (which ExamDiff appears to be) should be able to produce them but if not, you can always just use svn diff.

Anyhow, thanks again for finding and fixing this bug!

comment:4 Changed 12 months ago by VZ

  • Resolution set to fixed
  • Status changed from confirmed to closed

(In [75068]) Fix special characters handling in wxSVGFileDC::DrawText().

Special XML characters need to be quoted before being saved in an SVG file
(which is also an XML file).

Closes #15602.

Note: See TracTickets for help on using tickets.