From d4e1910040a2f50c1786f5cee4661c3d5d41366d Mon Sep 17 00:00:00 2001
From: Jean Berniolles
Date: Wed, 24 Nov 2021 16:31:45 +0000
Subject: [PATCH] Restrict escaped entities per XML 1.0 specification rev5 (search 'Well-formedness constraint: Entity Declared' in document)
---
src/utils.cpp | 253 --------------------------------------------------
1 file changed, 253 deletions(-)
diff --git a/src/utils.cpp b/src/utils.cpp
index b76e7a530e..050dbf3214 100644
--- a/src/utils.cpp
+++ b/src/utils.cpp
@@ -1807,264 +1807,11 @@ string escapewebdavchar(const char c) static std::map escapesec; if (unintitialized) { - escapesec[33] = "!"; // ! //For some reason &Exclamation; was not properly handled (crashed) by gvfsd-dav escapesec[34] = """; // " - escapesec[37] = "%"; // % escapesec[38] = "&"; // & escapesec[39] = "'"; // ' - escapesec[43] = "&add;"; // + escapesec[60] = "<"; // < - escapesec[61] = "="; // = //For some reason &equal; was not properly handled (crashed) by gvfsd-dav escapesec[62] = ">"; // > - escapesec[160] = " "; //NO-BREAK SPACE - escapesec[161] = "¡"; //INVERTED EXCLAMATION MARK - escapesec[162] = "¢"; //CENT SIGN - escapesec[163] = "£"; //POUND SIGN - escapesec[164] = "¤"; //CURRENCY SIGN - escapesec[165] = "¥"; //YEN SIGN - escapesec[166] = "¦"; //BROKEN BAR - escapesec[167] = "§"; //SECTION SIGN - escapesec[168] = "¨"; //DIAERESIS - escapesec[169] = "©"; //COPYRIGHT SIGN - escapesec[170] = "ª"; //FEMININE ORDINAL INDICATOR - escapesec[171] = "«"; //LEFT-POINTING DOUBLE ANGLE QUOTATION MARK - escapesec[172] = "¬"; //NOT SIGN - escapesec[173] = "­"; //SOFT HYPHEN - escapesec[174] = "®"; //REGISTERED SIGN - escapesec[175] = "¯"; //MACRON - escapesec[176] = "°"; //DEGREE SIGN - escapesec[177] = "±"; //PLUS-MINUS SIGN - escapesec[178] = "²"; //SUPERSCRIPT TWO - escapesec[179] = "³"; //SUPERSCRIPT THREE - escapesec[180] = "´"; //ACUTE ACCENT - escapesec[181] = "µ"; //MICRO SIGN - escapesec[182] = "¶"; //PILCROW SIGN - escapesec[183] = "·"; //MIDDLE DOT - escapesec[184] = "¸"; //CEDILLA - escapesec[185] = "¹"; //SUPERSCRIPT ONE - escapesec[186] = "º"; //MASCULINE ORDINAL INDICATOR - escapesec[187] = "»"; //RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK - escapesec[188] = "¼"; //VULGAR FRACTION ONE QUARTER - escapesec[189] = "½"; //VULGAR FRACTION ONE HALF - escapesec[190] = "¾"; //VULGAR FRACTION THREE QUARTERS - escapesec[191] = "¿"; //INVERTED QUESTION MARK - escapesec[192] = "À"; //LATIN CAPITAL LETTER A WITH GRAVE - escapesec[193] = "Á"; //LATIN 
CAPITAL LETTER A WITH ACUTE - escapesec[194] = "Â"; //LATIN CAPITAL LETTER A WITH CIRCUMFLEX - escapesec[195] = "Ã"; //LATIN CAPITAL LETTER A WITH TILDE - escapesec[196] = "Ä"; //LATIN CAPITAL LETTER A WITH DIAERESIS - escapesec[197] = "Å"; //LATIN CAPITAL LETTER A WITH RING ABOVE - escapesec[198] = "Æ"; //LATIN CAPITAL LETTER AE - escapesec[199] = "Ç"; //LATIN CAPITAL LETTER C WITH CEDILLA - escapesec[200] = "È"; //LATIN CAPITAL LETTER E WITH GRAVE - escapesec[201] = "É"; //LATIN CAPITAL LETTER E WITH ACUTE - escapesec[202] = "Ê"; //LATIN CAPITAL LETTER E WITH CIRCUMFLEX - escapesec[203] = "Ë"; //LATIN CAPITAL LETTER E WITH DIAERESIS - escapesec[204] = "Ì"; //LATIN CAPITAL LETTER I WITH GRAVE - escapesec[205] = "Í"; //LATIN CAPITAL LETTER I WITH ACUTE - escapesec[206] = "Î"; //LATIN CAPITAL LETTER I WITH CIRCUMFLEX - escapesec[207] = "Ï"; //LATIN CAPITAL LETTER I WITH DIAERESIS - escapesec[208] = "Ð"; //LATIN CAPITAL LETTER ETH - escapesec[209] = "Ñ"; //LATIN CAPITAL LETTER N WITH TILDE - escapesec[210] = "Ò"; //LATIN CAPITAL LETTER O WITH GRAVE - escapesec[211] = "Ó"; //LATIN CAPITAL LETTER O WITH ACUTE - escapesec[212] = "Ô"; //LATIN CAPITAL LETTER O WITH CIRCUMFLEX - escapesec[213] = "Õ"; //LATIN CAPITAL LETTER O WITH TILDE - escapesec[214] = "Ö"; //LATIN CAPITAL LETTER O WITH DIAERESIS - escapesec[215] = "×"; //MULTIPLICATION SIGN - escapesec[216] = "Ø"; //LATIN CAPITAL LETTER O WITH STROKE - escapesec[217] = "Ù"; //LATIN CAPITAL LETTER U WITH GRAVE - escapesec[218] = "Ú"; //LATIN CAPITAL LETTER U WITH ACUTE - escapesec[219] = "Û"; //LATIN CAPITAL LETTER U WITH CIRCUMFLEX - escapesec[220] = "Ü"; //LATIN CAPITAL LETTER U WITH DIAERESIS - escapesec[221] = "Ý"; //LATIN CAPITAL LETTER Y WITH ACUTE - escapesec[222] = "Þ"; //LATIN CAPITAL LETTER THORN - escapesec[223] = "ß"; //LATIN SMALL LETTER SHARP S - escapesec[224] = "à"; //LATIN SMALL LETTER A WITH GRAVE - escapesec[225] = "á"; //LATIN SMALL LETTER A WITH ACUTE - escapesec[226] = "â"; //LATIN SMALL LETTER A 
WITH CIRCUMFLEX - escapesec[227] = "ã"; //LATIN SMALL LETTER A WITH TILDE - escapesec[228] = "ä"; //LATIN SMALL LETTER A WITH DIAERESIS - escapesec[229] = "å"; //LATIN SMALL LETTER A WITH RING ABOVE - escapesec[230] = "æ"; //LATIN SMALL LETTER AE - escapesec[231] = "ç"; //LATIN SMALL LETTER C WITH CEDILLA - escapesec[232] = "è"; //LATIN SMALL LETTER E WITH GRAVE - escapesec[233] = "é"; //LATIN SMALL LETTER E WITH ACUTE - escapesec[234] = "ê"; //LATIN SMALL LETTER E WITH CIRCUMFLEX - escapesec[235] = "ë"; //LATIN SMALL LETTER E WITH DIAERESIS - escapesec[236] = "ì"; //LATIN SMALL LETTER I WITH GRAVE - escapesec[237] = "í"; //LATIN SMALL LETTER I WITH ACUTE - escapesec[238] = "î"; //LATIN SMALL LETTER I WITH CIRCUMFLEX - escapesec[239] = "ï"; //LATIN SMALL LETTER I WITH DIAERESIS - escapesec[240] = "ð"; //LATIN SMALL LETTER ETH - escapesec[241] = "ñ"; //LATIN SMALL LETTER N WITH TILDE - escapesec[242] = "ò"; //LATIN SMALL LETTER O WITH GRAVE - escapesec[243] = "ó"; //LATIN SMALL LETTER O WITH ACUTE - escapesec[244] = "ô"; //LATIN SMALL LETTER O WITH CIRCUMFLEX - escapesec[245] = "õ"; //LATIN SMALL LETTER O WITH TILDE - escapesec[246] = "ö"; //LATIN SMALL LETTER O WITH DIAERESIS - escapesec[247] = "÷"; //DIVISION SIGN - escapesec[248] = "ø"; //LATIN SMALL LETTER O WITH STROKE - escapesec[249] = "ù"; //LATIN SMALL LETTER U WITH GRAVE - escapesec[250] = "ú"; //LATIN SMALL LETTER U WITH ACUTE - escapesec[251] = "û"; //LATIN SMALL LETTER U WITH CIRCUMFLEX - escapesec[252] = "ü"; //LATIN SMALL LETTER U WITH DIAERESIS - escapesec[253] = "ý"; //LATIN SMALL LETTER Y WITH ACUTE - escapesec[254] = "þ"; //LATIN SMALL LETTER THORN - escapesec[255] = "ÿ"; //LATIN SMALL LETTER Y WITH DIAERESIS - escapesec[338] = "Œ"; //LATIN CAPITAL LIGATURE OE - escapesec[339] = "œ"; //LATIN SMALL LIGATURE OE - escapesec[352] = "Š"; //LATIN CAPITAL LETTER S WITH CARON - escapesec[353] = "š"; //LATIN SMALL LETTER S WITH CARON - escapesec[376] = "Ÿ"; //LATIN CAPITAL LETTER Y WITH DIAERESIS - 
escapesec[402] = "ƒ"; //LATIN SMALL LETTER F WITH HOOK - escapesec[710] = "ˆ"; //MODIFIER LETTER CIRCUMFLEX ACCENT - escapesec[732] = "˜"; //SMALL TILDE - escapesec[913] = "Α"; //GREEK CAPITAL LETTER ALPHA - escapesec[914] = "Β"; //GREEK CAPITAL LETTER BETA - escapesec[915] = "Γ"; //GREEK CAPITAL LETTER GAMMA - escapesec[916] = "Δ"; //GREEK CAPITAL LETTER DELTA - escapesec[917] = "Ε"; //GREEK CAPITAL LETTER EPSILON - escapesec[918] = "Ζ"; //GREEK CAPITAL LETTER ZETA - escapesec[919] = "Η"; //GREEK CAPITAL LETTER ETA - escapesec[920] = "Θ"; //GREEK CAPITAL LETTER THETA - escapesec[921] = "Ι"; //GREEK CAPITAL LETTER IOTA - escapesec[922] = "Κ"; //GREEK CAPITAL LETTER KAPPA - escapesec[923] = "Λ"; //GREEK CAPITAL LETTER LAMDA - escapesec[924] = "Μ"; //GREEK CAPITAL LETTER MU - escapesec[925] = "Ν"; //GREEK CAPITAL LETTER NU - escapesec[926] = "Ξ"; //GREEK CAPITAL LETTER XI - escapesec[927] = "Ο"; //GREEK CAPITAL LETTER OMICRON - escapesec[928] = "Π"; //GREEK CAPITAL LETTER PI - escapesec[929] = "Ρ"; //GREEK CAPITAL LETTER RHO - escapesec[931] = "Σ"; //GREEK CAPITAL LETTER SIGMA - escapesec[932] = "Τ"; //GREEK CAPITAL LETTER TAU - escapesec[933] = "Υ"; //GREEK CAPITAL LETTER UPSILON - escapesec[934] = "Φ"; //GREEK CAPITAL LETTER PHI - escapesec[935] = "Χ"; //GREEK CAPITAL LETTER CHI - escapesec[936] = "Ψ"; //GREEK CAPITAL LETTER PSI - escapesec[937] = "Ω"; //GREEK CAPITAL LETTER OMEGA - escapesec[945] = "α"; //GREEK SMALL LETTER ALPHA - escapesec[946] = "β"; //GREEK SMALL LETTER BETA - escapesec[947] = "γ"; //GREEK SMALL LETTER GAMMA - escapesec[948] = "δ"; //GREEK SMALL LETTER DELTA - escapesec[949] = "ε"; //GREEK SMALL LETTER EPSILON - escapesec[950] = "ζ"; //GREEK SMALL LETTER ZETA - escapesec[951] = "η"; //GREEK SMALL LETTER ETA - escapesec[952] = "θ"; //GREEK SMALL LETTER THETA - escapesec[953] = "ι"; //GREEK SMALL LETTER IOTA - escapesec[954] = "κ"; //GREEK SMALL LETTER KAPPA - escapesec[955] = "λ"; //GREEK SMALL LETTER LAMDA - escapesec[956] = "μ"; //GREEK SMALL 
LETTER MU - escapesec[957] = "ν"; //GREEK SMALL LETTER NU - escapesec[958] = "ξ"; //GREEK SMALL LETTER XI - escapesec[959] = "ο"; //GREEK SMALL LETTER OMICRON - escapesec[960] = "π"; //GREEK SMALL LETTER PI - escapesec[961] = "ρ"; //GREEK SMALL LETTER RHO - escapesec[962] = "ς"; //GREEK SMALL LETTER FINAL SIGMA - escapesec[963] = "σ"; //GREEK SMALL LETTER SIGMA - escapesec[964] = "τ"; //GREEK SMALL LETTER TAU - escapesec[965] = "υ"; //GREEK SMALL LETTER UPSILON - escapesec[966] = "φ"; //GREEK SMALL LETTER PHI - escapesec[967] = "χ"; //GREEK SMALL LETTER CHI - escapesec[968] = "ψ"; //GREEK SMALL LETTER PSI - escapesec[969] = "ω"; //GREEK SMALL LETTER OMEGA - escapesec[977] = "ϑ"; //GREEK THETA SYMBOL - escapesec[978] = "ϒ"; //GREEK UPSILON WITH HOOK SYMBOL - escapesec[982] = "ϖ"; //GREEK PI SYMBOL - escapesec[8194] = " "; //EN SPACE - escapesec[8195] = " "; //EM SPACE - escapesec[8201] = " "; //THIN SPACE - escapesec[8204] = "‌"; //ZERO WIDTH NON-JOINER - escapesec[8205] = "‍"; //ZERO WIDTH JOINER - escapesec[8206] = "‎"; //LEFT-TO-RIGHT MARK - escapesec[8207] = "‏"; //RIGHT-TO-LEFT MARK - escapesec[8211] = "–"; //EN DASH - escapesec[8212] = "—"; //EM DASH - escapesec[8213] = "―"; //HORIZONTAL BAR - escapesec[8216] = "‘"; //LEFT SINGLE QUOTATION MARK - escapesec[8217] = "’"; //RIGHT SINGLE QUOTATION MARK - escapesec[8218] = "‚"; //SINGLE LOW-9 QUOTATION MARK - escapesec[8220] = "“"; //LEFT DOUBLE QUOTATION MARK - escapesec[8221] = "”"; //RIGHT DOUBLE QUOTATION MARK - escapesec[8222] = "„"; //DOUBLE LOW-9 QUOTATION MARK - escapesec[8224] = "†"; //DAGGER - escapesec[8225] = "‡"; //DOUBLE DAGGER - escapesec[8226] = "•"; //BULLET - escapesec[8230] = "…"; //HORIZONTAL ELLIPSIS - escapesec[8240] = "‰"; //PER MILLE SIGN - escapesec[8242] = "′"; //PRIME - escapesec[8243] = "″"; //DOUBLE PRIME - escapesec[8249] = "‹"; //SINGLE LEFT-POINTING ANGLE QUOTATION MARK - escapesec[8250] = "›"; //SINGLE RIGHT-POINTING ANGLE QUOTATION MARK - escapesec[8254] = "‾"; //OVERLINE - 
escapesec[8260] = "⁄"; //FRACTION SLASH - escapesec[8364] = "€"; //EURO SIGN - escapesec[8465] = "ℑ"; //BLACK-LETTER CAPITAL I - escapesec[8472] = "℘"; //SCRIPT CAPITAL P - escapesec[8476] = "ℜ"; //BLACK-LETTER CAPITAL R - escapesec[8482] = "™"; //TRADE MARK SIGN - escapesec[8501] = "ℵ"; //ALEF SYMBOL - escapesec[8592] = "←"; //LEFTWARDS ARROW - escapesec[8593] = "↑"; //UPWARDS ARROW - escapesec[8594] = "→"; //RIGHTWARDS ARROW - escapesec[8595] = "↓"; //DOWNWARDS ARROW - escapesec[8596] = "↔"; //LEFT RIGHT ARROW - escapesec[8629] = "↵"; //DOWNWARDS ARROW WITH CORNER LEFTWARDS - escapesec[8656] = "⇐"; //LEFTWARDS DOUBLE ARROW - escapesec[8657] = "⇑"; //UPWARDS DOUBLE ARROW - escapesec[8658] = "⇒"; //RIGHTWARDS DOUBLE ARROW - escapesec[8659] = "⇓"; //DOWNWARDS DOUBLE ARROW - escapesec[8660] = "⇔"; //LEFT RIGHT DOUBLE ARROW - escapesec[8704] = "∀"; //FOR ALL - escapesec[8706] = "∂"; //PARTIAL DIFFERENTIAL - escapesec[8707] = "∃"; //THERE EXISTS - escapesec[8709] = "∅"; //EMPTY SET - escapesec[8711] = "∇"; //NABLA - escapesec[8712] = "∈"; //ELEMENT OF - escapesec[8713] = "∉"; //NOT AN ELEMENT OF - escapesec[8715] = "∋"; //CONTAINS AS MEMBER - escapesec[8719] = "∏"; //N-ARY PRODUCT - escapesec[8721] = "∑"; //N-ARY SUMMATION - escapesec[8722] = "−"; //MINUS SIGN - escapesec[8727] = "∗"; //ASTERISK OPERATOR - escapesec[8730] = "√"; //SQUARE ROOT - escapesec[8733] = "∝"; //PROPORTIONAL TO - escapesec[8734] = "∞"; //INFINITY - escapesec[8736] = "∠"; //ANGLE - escapesec[8743] = "∧"; //LOGICAL AND - escapesec[8744] = "∨"; //LOGICAL OR - escapesec[8745] = "∩"; //INTERSECTION - escapesec[8746] = "∪"; //UNION - escapesec[8747] = "∫"; //INTEGRAL - escapesec[8756] = "∴"; //THEREFORE - escapesec[8764] = "∼"; //TILDE OPERATOR - escapesec[8773] = "≅"; //APPROXIMATELY EQUAL TO - escapesec[8776] = "≈"; //ALMOST EQUAL TO - escapesec[8800] = "≠"; //NOT EQUAL TO - escapesec[8801] = "≡"; //IDENTICAL TO - escapesec[8804] = "≤"; //LESS-THAN OR EQUAL TO - escapesec[8805] = "≥"; //GREATER-THAN 
OR EQUAL TO - escapesec[8834] = "⊂"; //SUBSET OF - escapesec[8835] = "⊃"; //SUPERSET OF - escapesec[8836] = "⊄"; //NOT A SUBSET OF - escapesec[8838] = "⊆"; //SUBSET OF OR EQUAL TO - escapesec[8839] = "⊇"; //SUPERSET OF OR EQUAL TO - escapesec[8853] = "⊕"; //CIRCLED PLUS - escapesec[8855] = "⊗"; //CIRCLED TIMES - escapesec[8869] = "⊥"; //UP TACK - escapesec[8901] = "⋅"; //DOT OPERATOR - escapesec[8968] = "⌈"; //LEFT CEILING - escapesec[8969] = "⌉"; //RIGHT CEILING - escapesec[8970] = "⌊"; //LEFT FLOOR - escapesec[8971] = "⌋"; //RIGHT FLOOR - escapesec[9001] = "⟨"; //LEFT-POINTING ANGLE BRACKET - escapesec[9002] = "⟩"; //RIGHT-POINTING ANGLE BRACKET - escapesec[9674] = "◊"; //LOZENGE - escapesec[9824] = "♠"; //BLACK SPADE SUIT - escapesec[9827] = "♣"; //BLACK CLUB SUIT - escapesec[9829] = "♥"; //BLACK HEART SUIT - escapesec[9830] = "♦"; //BLACK DIAMOND SUIT unintitialized = false; }