pyeve / eve-demo

A fully functional REST Web API. Powered by Eve.

Malformed XML render when href includes forbidden URI/URL chars #3

Closed JCallicoat closed 11 years ago

JCallicoat commented 11 years ago

Specifically, when you do a ?where={...} query with page=n and accept:text/xml request header, when n is greater than the results, you get a link to the previous page including the "?where" query, unquoted. In that case, you get an XML parsing exception due to the link href including literal {.

#!/usr/bin/env python
import requests
from xml.dom.minidom import parseString

headers = {'accept': 'text/xml'}
bad_link = 'http://eve-demo.herokuapp.com/people/' \
           '?where={"lastname":"Doe"}&page=2'

# xml.parsers.expat.ExpatError: not well-formed (invalid token)
parseString(requests.get(bad_link, headers=headers).text)

Instead of xml.sax.saxutils.escape, you probably want urllib.quote to quote the hrefs.
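
An added example, not part of the original issue or Eve's own code: it renders the previous-page link from the report two ways and checks each with the same parser the reproducer uses. The `<link>` element layout and the function names are assumptions made for illustration; `urllib.parse.quote` is the Python 3 home of `urllib.quote`. In this constructed rendering the parse fails at the unescaped double quotes of the `where` clause, which `escape()` leaves alone.

```python
from urllib.parse import quote
from xml.dom.minidom import parseString
from xml.parsers.expat import ExpatError
from xml.sax.saxutils import escape, quoteattr

# Constructed sample: the "previous page" link described in the report.
PREV_LINK = 'people/?where={"lastname":"Doe"}&page=1'


def render_escaped(href):
    """Hypothetical renderer: escape() only handles &, < and >."""
    return '<link rel="prev" href="%s" />' % escape(href)


def render_quoted(href):
    """Percent-encode the query string, then XML-escape what is left."""
    path, _, query = href.partition('?')
    # '=' and '&' stay as query delimiters; '{', '}', '"' and ':' are encoded.
    encoded = quote(path) + ('?' + quote(query, safe='=&') if query else '')
    # quoteattr() adds the surrounding quotes and turns '&' into '&amp;'.
    return '<link rel="prev" href=%s />' % quoteattr(encoded)


def is_well_formed(xml_text):
    """True if the parser used in the reproducer accepts the text."""
    try:
        parseString(xml_text)
        return True
    except ExpatError:
        return False


def href_of(xml_text):
    """Return the href attribute as a client would read it back."""
    return parseString(xml_text).documentElement.getAttribute('href')


if __name__ == '__main__':
    for render in (render_escaped, render_quoted):
        doc = render(PREV_LINK)
        print(render.__name__, is_well_formed(doc), doc)
```
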

nicolaiarocci commented 11 years ago

Good catch! Would you please repost this on the eve repo where it belongs? Thanks!

JCallicoat commented 11 years ago

Whoops! Meant to file it over there! Done.

nicolaiarocci commented 11 years ago

https://github.com/nicolaiarocci/eve/issues/99