dormi
commented
7 years ago In XML spec, not all unicode characters are allowed: https://www.w3.org/TR/2004/REC-xml-20040204/#NT-Char
If we rename the attached dradis-template.txt as dradis-template.xml and try to open it with google chrome, we see an error due to invalid characters being present.
The same happens when parsing that file with nokogiri gem.
As a first approach to this problem, we may filter invalid characters when generating xml files from dradis.
The idea would be to filter the first 32 unicode characters (control characters, except tabulation, next line and carriage return, that are allowed).
A list with those characters is available here: https://unicode-table.com/en/#control-character
etdsoft
djsekops
Steps to reproduce
Get some text with invalid characters, copy paste it in the browser to create an issue. In this example text file there is a simple text with invalid characters than can be used: test.txt This file was generated with vim, typing "Ctrl + V" + "Ctrl + A" + "Ctrl + V" + "Ctrl + B" + "T" + "e" + "s" + "t"
Export the project using the "Export results" top link (as a dradis project template would be enough)
try to import that exported file. An example of a file like this would be: dradis-template.txt
Expected behavior
The file shold be imported, the issue created.
Actual behavior
Import fails with error
Invalid project template format.Proposed solution
Looks like nokogiri has problems parsing the xml file if it has invalid characters. We may try to "validate" characters before writing them to database?
System configuration
Dradis version:: 3.6
Ruby version: 2.2
OS version: macOs Sierra