Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-21062

Filter out control characters from document properties

    XMLWordPrintable

    Details

      Description

      It is currently possible to enter control characters like UNICODE U+000B.
      Since those characters are invisible (though some editors show them) in browser display, customers may not notice it while entering a value (quick copy/paste is very likely to be the culprit).

      This results in a document that cannot be updated anymore (see screenshot cannotUpdate.png).

      The only workaround is then to update directly the field in the storage. In this example it was needed to manually issue an SQL statement to change the dc:title value attribute. For instance:

      update dublincore set title='titleNXP21062' where id='144538f5-0a24-4a6a-8451-f554b8ef866b';
      commit;

      This can also be seen when exporting the document as XML (see cannotUpdate.xml) and validating it using an XML validator (http://www.xmlvalidation.com/ in this case, see validationResult.png)

      In addition, characters like U+0000 cannot be written to a PostgreSQL database in a text field, and must be filtered too.

        Attachments

        1. cannotUpdate.png
          cannotUpdate.png
          147 kB
        2. validationResult.png
          validationResult.png
          193 kB
        3. cannotUpdate.xml
          2 kB
        4. cannotUpdateFirefox.png
          cannotUpdateFirefox.png
          99 kB

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 week
                  1w