XML version of download page is invalid

Questions and Answers : Web site : XML version of download page is invalid
Andy Stevens

Joined: 2 Jul 99
Posts: 3
Credit: 287,811
RAC: 0
United Kingdom
Message 131573 - Posted: 2 Jul 2005, 11:04:08 UTC

On the client download page, there's a link to http://boinc.berkeley.edu/download.php?xml=1 for obtaining the download information in XML format. Following this link, I just get an error:
XML Parsing Error: not well-formed
Location: http://boinc.berkeley.edu/download.php?xml=1
Line Number 167, Column 33:    Linux/x86 [url=linux.php]<font>details[/url]
--------------------------------^

which is due to the <font> element not being closed. The  element escapes its contents with e.g. <ul> rather than [list]. Perhaps the  element ought to as well?

ID: 131573
Andy Stevens

Joined: 2 Jul 99
Posts: 3
Credit: 287,811
RAC: 0
United Kingdom
Message 131575 - Posted: 2 Jul 2005, 11:08:09 UTC

Heh, I see that the XML tags I included in the [ code ] [ /code ] markup aren't being displayed as they're included verbatim in the HTML page. You do realise this could make you vulnerable to cross-site scripting attacks, don't you?

Let's try a quick test with a JavaScript alert()...
alert('Testing vulnerability')


ID: 131575
Andy Stevens

Joined: 2 Jul 99
Posts: 3
Credit: 287,811
RAC: 0
United Kingdom
Message 131576 - Posted: 2 Jul 2005, 11:10:08 UTC

Well, at least it strips out the script tags. That's something I suppose. The other contents of the code bbcode tags still ought to be escaped, though.

ID: 131576
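Added example, not part of the original thread and not BOINC's own code: a Python sketch of the two points raised in the posts above, that markup placed in a text element must be escaped for the XML to stay well-formed, and that stripping script tags still lets other markup inside [code] reach the page verbatim. The element names `platform` and `description`, all function names, and the strip-only model of the board's filter are assumptions; the sample strings are constructed from text quoted in the posts.

```python
import html
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape as xml_escape

CODE_TAG = re.compile(r"\[code\](.*?)\[/code\]", re.DOTALL | re.IGNORECASE)
SCRIPT_TAG = re.compile(r"</?script\b[^>]*>", re.IGNORECASE)

# Constructed samples based on the strings quoted in the thread.
DESC = "Linux/x86 [url=linux.php]<font>details[/url]"
POST = "[code]<font>details <ul>[/code] <script>alert('Testing vulnerability')</script>"

def render_strip_only(post: str) -> str:
    """Assumed model of the reported behaviour: drop script tags, keep the rest verbatim."""
    body = SCRIPT_TAG.sub("", post)
    return CODE_TAG.sub(lambda m: "<pre>" + m.group(1) + "</pre>", body)

def render_escaped(post: str) -> str:
    """Escape the whole post first, then map [code] to <pre>; no user markup survives."""
    safe = html.escape(post)  # BBCode brackets are untouched by HTML escaping
    return CODE_TAG.sub(lambda m: "<pre>" + m.group(1) + "</pre>", safe)

def platform_xml(description: str, escape: bool) -> str:
    """Build a one-element document (hypothetical element names) with or without escaping."""
    text = xml_escape(description) if escape else description
    return "<platform><description>" + text + "</description></platform>"

def is_well_formed(doc: str) -> bool:
    """True if an XML parser accepts the document."""
    try:
        ET.fromstring(doc)
        return True
    except ET.ParseError:
        return False

if __name__ == "__main__":
    print("strip only :", render_strip_only(POST))
    print("escaped    :", render_escaped(POST))
    print("raw XML ok :", is_well_formed(platform_xml(DESC, escape=False)))
    print("escaped ok :", is_well_formed(platform_xml(DESC, escape=True)))
```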
John McLeod VII
Volunteer developer
Volunteer tester
Joined: 15 Jul 99
Posts: 24806
Credit: 790,712
RAC: 0
United States
Message 132252 - Posted: 4 Jul 2005, 1:10:03 UTC - in response to Message 131576.  

Well, at least it strips out the script tags. That's something I suppose. The other contents of the code bbcode tags still ought to be escaped, though.

The BB is in the process of switching from HTML to BB tags. At the moment, BOTH are active, but HTML parsing will be removed in the (near?) future.


BOINC WIKI
ID: 132252
C167
Volunteer tester
Joined: 2 Sep 04
Posts: 9
Credit: 38,860
RAC: 0
Germany
Message 132432 - Posted: 4 Jul 2005, 12:48:00 UTC - in response to Message 131575.  

Now, but where's the error? I copied the file to UltraEdit and searched for open tags, but no result!

C167
ID: 132432
