geopython / pywps

PyWPS is an implementation of the Web Processing Service standard from the Open Geospatial Consortium. PyWPS is written in Python.

https://pywps.org

MIT License

178 stars 117 forks source link

Unsafe use of CDATA for geojson or json data encoding #648

Open gschwind opened 2 years ago

gschwind commented 2 years ago

Description

ComplexInput._json_data encode geojson to json using CDATA, but it's unsafe since geojson may use "]]>" inside string or key and CDATA forbid this.

Environment

operating system: all
Python version: all
PyWPS version: pywps-4.4
source/distribution
- [x] git clone
- [ ] Debian
- [ ] PyPI
- [ ] zip/tar.gz
- [ ] other (please specify):
web server
- [x] Apache/mod_wsgi
- [ ] CGI
- [ ] other (please specify):

Steps to Reproduce

Additional Information