search

google / cap-library

Common Alerting Protocol Library
Apache License 2.0
80 stars 30 forks source link

Correctly alert character-escape issues #46

Closed sschiavoni closed 9 years ago

sschiavoni commented 9 years ago

Original issue 47 created by yuch@google.com on 2013-12-11T21:09:36.000Z:

What steps will reproduce the problem? 0 See alert below, line 25 did not escape &

What is the expected output? What do you see instead?

Example CAP: <?xml version="1.0" encoding="UTF-8"?> <alert xmlns="urn:oasis:names:tc:emergency:cap:1.2"> <identifier>CWB-EQ102152</identifier> <sender>cwb@scman.cwb.gov.tw</sender> <sent>2013-11-16T03:45:35+08:00</sent> <status>Actual</status> <msgType>Alert</msgType> <source>CWB</source> <scope>Public</scope> <info> <language>zh-TW</language> <category>Geo</category> <event>地震</event> <urgency>Past</urgency> <severity>Minor</severity> <certainty>Observed</certainty> <eventCode> <valueName>profile:CAP-TWP:Event:1.0</valueName> <value>earthquake</value> </eventCode> <expires>2013-11-16T11:45:35+08:00</expires> <senderName>中央氣象局</senderName> <headline>地震報告</headline> <description>11/16-03:39臺灣東部海域發生規模5.2有感地震,最大震度花蓮縣花蓮市、宜蘭縣南澳、彰化縣彰化市、雲林縣斗六市、臺中市大肚2級。</description> <web>http://scweb.cwb.gov.tw/GraphicContent.aspx?ItemId=49&amp;fileString=2013111603391752152&lt;/web&gt; <parameter> <valueName>alert_title</valueName> <value>地震報告</value> </parameter> <parameter> <valueName>alert_color</valueName> <value>綠色</value> </parameter> <parameter> <valueName>EventID</valueName> <value>102152</value> </parameter> <parameter> <valueName>EventOriginTime</valueName> <value>2013-11-16T03:39:17+08:00</value> </parameter> <parameter> <valueName>EventLatLon</valueName> <value>23.919,122.443 0.000</value> </parameter> <parameter> <valueName>EventLocationName</valueName> <value>臺灣東部海域</value> </parameter> <parameter> <valueName>EventDepth</valueName> <value>16.9公里</value> </parameter> <parameter> <valueName>EventMagnitudeDescription</valueName> <value>M5.2</value> </parameter> <parameter> <valueName>EventPublisher</valueName> <value>中央氣象局</value> </parameter> <parameter> <valueName>LocalMaxIntensity</valueName> <value>2級;"花蓮縣";Taiwan_Geocode_100;10015;;;"CAP-EQ:1.0"</value> </parameter> <parameter> <valueName>LocalMaxIntensity</valueName> <value>2級;"宜蘭縣";Taiwan_Geocode_100;10002;;;"CAP-EQ:1.0"</value> </parameter> <parameter> <valueName>LocalMaxIntensity</valueName> <value>2級;"彰化縣";Taiwan_Geocode_100;10007;;;"CAP-EQ:1.0"</value> </parameter> <parameter> <valueName>LocalMaxIntensity</valueName> <value>2級;"雲林縣";Taiwan_Geocode_100;10009;;;"CAP-EQ:1.0"</value> </parameter> <parameter> <valueName>LocalMaxIntensity</valueName> <value>2級;"臺中市";Taiwan_Geocode_100;66;;;"CAP-EQ:1.0"</value> </parameter> <parameter> <valueName>LocalMaxIntensity</valueName> <value>1級;"南投縣";Taiwan_Geocode_100;10008;;;"CAP-EQ:1.0"</value> </parameter> <parameter> <valueName>LocalMaxIntensity</valueName> <value>1級;"臺東縣";Taiwan_Geocode_100;10014;;;"CAP-EQ:1.0"</value> </parameter> <parameter> <valueName>LocalMaxIntensity</valueName> <value>1級;"新北市";Taiwan_Geocode_100;65;;;"CAP-EQ:1.0"</value> </parameter> <parameter> <valueName>LocalMaxIntensity</valueName> <value>1級;"苗栗縣";Taiwan_Geocode_100;10005;;;"CAP-EQ:1.0"</value> </parameter> <parameter> <valueName>LocalMaxIntensity</valueName> <value>1級;"嘉義市";Taiwan_Geocode_100;10020;;;"CAP-EQ:1.0"</value> </parameter> <parameter> <valueName>LocalMaxIntensity</valueName> <value>1級;"臺北市";Taiwan_Geocode_100;63;;;"CAP-EQ:1.0"</value> </parameter> <parameter> <valueName>LocalMaxIntensity</valueName> <value>1級;"嘉義縣";Taiwan_Geocode_100;10010;;;"CAP-EQ:1.0"</value> </parameter> <parameter> <valueName>LocalMaxIntensity</valueName> <value>1級;"新竹縣";Taiwan_Geocode_100;10004;;;"CAP-EQ:1.0"</value> </parameter> <parameter> <valueName>LocalMaxIntensity</valueName> <value>1級;"臺南市";Taiwan_Geocode_100;67;;;"CAP-EQ:1.0"</value> </parameter> <resource> <resourceDesc>等震度圖</resourceDesc> <mimeType>image/gif</mimeType> <uri>http://scweb.cwb.gov.tw/webdata/drawTrace/plotContour/2013/2013152.gif&lt;/uri&gt; </resource> <resource> <resourceDesc>地震報告圖</resourceDesc> <mimeType>image/gif</mimeType> <uri>http://scweb.cwb.gov.tw/webdata/OLDEQ/201311/2013111603391752152.gif&lt;/uri&gt; </resource> <area> <areaDesc>花蓮縣政府東方 84.1 公里 (位於臺灣東部海域)</areaDesc> <circle>23.919,122.443 0.000</circle> </area> <area> <areaDesc>最大震度2級地區</areaDesc> <geocode> <valueName>Taiwan_Geocode_100</valueName> <value>10015</value> </geocode> <geocode> <valueName>Taiwan_Geocode_100</valueName> <value>10002</value> </geocode> <geocode> <valueName>Taiwan_Geocode_100</valueName> <value>10007</value> </geocode> <geocode> <valueName>Taiwan_Geocode_100</valueName> <value>10009</value> </geocode> <geocode> <valueName>Taiwan_Geocode_100</valueName> <value>66</value> </geocode> </area> <area> <areaDesc>最大震度1級地區</areaDesc> <geocode> <valueName>Taiwan_Geocode_100</valueName> <value>10008</value> </geocode> <geocode> <valueName>Taiwan_Geocode_100</valueName> <value>10014</value> </geocode> <geocode> <valueName>Taiwan_Geocode_100</valueName> <value>65</value> </geocode> <geocode> <valueName>Taiwan_Geocode_100</valueName> <value>10005</value> </geocode> <geocode> <valueName>Taiwan_Geocode_100</valueName> <value>10020</value> </geocode> <geocode> <valueName>Taiwan_Geocode_100</valueName> <value>63</value> </geocode> <geocode> <valueName>Taiwan_Geocode_100</valueName> <value>10010</value> </geocode> <geocode> <valueName>Taiwan_Geocode_100</valueName> <value>10004</value> </geocode> <geocode> <valueName>Taiwan_Geocode_100</valueName> <value>67</value> </geocode> </area> </info> </alert>

azamanyan commented 9 years ago

Posting an additional shorter example:

Load the "CAP 1.2 Severe Thunderstorm Warning" example from http://cap-validator.appspot.com/ and add an ampersand in the text section.

includes an unescaped ampersand (&); however, the error reported is: "ERROR | XML parser Invalid XML: Error on line 31: The entity name must immediately follow the '&' in the entity reference."
sschiavoni commented 9 years ago

@azamanyan, the error you are getting seems correct to me. Every time you have a & in your XML, it can either be (i) the beginning of an HTML entity, (ii) an unescaped &, that should have been escaped. The XML parser is throwing a message preferring option (i).

If you want, we can change the wording, also keeping in mind that HTML entities are disallowed in CAP, but overall, the error message makes sense and is reported on the correct line (which is something that was reported in the original bug as well, but is obsolete).

azamanyan commented 9 years ago

Good point. I will resolve this bug.