search

ACRA / acra-storage

GNU General Public License v3.0
49 stars 32 forks source link

RSS description not escaped #8

Closed jendib closed 8 years ago

jendib commented 10 years ago

I have this kind of data in the RSS feed:

<description>
<p>app_version: 1.3.3</p>
<p>android_version: 4.4.2</p>
<p>device: LGE google Nexus 4</p>
<p>crash line: android.view.InflateException: Binary XML file line #1: Error inflating class <unknown> at com.sismics.reader.ui.adapter.SubscriptionAdapter.getView(SubscriptionAdapter.java:86)</p>
</description>

As you can see, there is a fake <unknown> tag in the error generated by Android, which causes the feed to be invalid. The content of <description> needs to be escaped.

halkeye commented 10 years ago

https://github.com/ACRA/acra-storage/blob/master/lists/rss.js <-- looks like nothing is escaped.

If @KevinGaudin doesn't get to it first, I'll try to get my dev env setup again tonight, It looks like an easy one to try and get back into it.

jendib commented 10 years ago

Great thank you!

jendib commented 10 years ago

This is great, thank you very much for both commits :+1:

jendib commented 10 years ago

Hmm, it seems it's not quite over, the title needs to be escaped too:

<title>
  android.view.InflateException: Binary XML file line #1: Error inflating class <unknown> : at
  com.sismics.reader.ui.adapter.SubscriptionAdapter.getView(SubscriptionAdapter.java:86)
</title>
halkeye commented 10 years ago

boo. Would you be up for throwing up a test record that doesn't work so I can test easier?

jendib commented 10 years ago

Do you have an email address? There is some sensitive data in it :)

halkeye commented 10 years ago

yea sure, halkeye@gmail.com works fine

halkeye commented 8 years ago

should this be closed before its merged?