  1. Bitbucket Data Center
  2. BSERV-4179

Unescaped XML character in pull request comment

Details

    • Bug
    • Resolution: Duplicate
    • Medium

    Description

      I'm not sure in which exact situations this happens, but if you add a comment like this to a pull request, you end up with an error and the pull request can no longer be cleanly opened.

      xxx "failed at <Profile at 0x54234845>"

      Stash fails with this error:

      2013-12-06 10:23:39,979 ERROR [http-bio-127.0.0.1-7990-exec-3] llalinsky 623x91046x0 5v6e7f 195.46.73.2,127.0.0.1 "GET /rest/api/latest/projects/WC/repos/deploy/pull-requests/46/activities HTTP/1.0" c.a.s.r.e.UnhandledExceptionMapper Unhandled exception while processing REST call
      java.lang.RuntimeException: org.owasp.validator.html.ScanException: org.w3c.dom.DOMException: INVALID_CHARACTER_ERR: An invalid or illegal XML character is specified. 
              at com.atlassian.markup.internal.MarkupFactoryImpl$AntiSamyParser.clean(MarkupFactoryImpl.java:98) ~[na:na]
              at com.atlassian.markup.internal.MarkupFactoryImpl$AntiSamyParser.markup(MarkupFactoryImpl.java:91) ~[na:na]
              at com.atlassian.stash.internal.markup.DefaultMarkupService$2.apply(DefaultMarkupService.java:78) ~[stash-service-impl-2.9.2.jar:na]
              at com.atlassian.stash.internal.markup.DefaultMarkupService$2.apply(DefaultMarkupService.java:75) ~[stash-service-impl-2.9.2.jar:na]
              at com.atlassian.markup.renderer.impl.MarkupRendererImpl.render(MarkupRendererImpl.java:42) ~[atlassian-markup-renderer-0.2.3.jar:na]
              at com.atlassian.stash.internal.markup.DefaultMarkupService.render(DefaultMarkupService.java:58) ~[stash-service-impl-2.9.2.jar:na]
              at com.atlassian.stash.rest.enrich.DefaultMarkupEnricher.render(DefaultMarkupEnricher.java:42) ~[stash-rest-common-2.9.2.jar:na]
              at com.atlassian.stash.rest.enrich.DefaultMarkupEnricher.access$000(DefaultMarkupEnricher.java:14) ~[stash-rest-common-2.9.2.jar:na]
              at com.atlassian.stash.rest.enrich.DefaultMarkupEnricher$1.apply(DefaultMarkupEnricher.java:31) ~[stash-rest-common-2.9.2.jar:na]
              at com.atlassian.stash.rest.util.RestUtils.processEntities(RestUtils.java:193) ~[stash-rest-common-2.9.2.jar:na]
              at com.atlassian.stash.rest.util.RestUtils.processEntities(RestUtils.java:206) ~[stash-rest-common-2.9.2.jar:na]
              at com.atlassian.stash.rest.util.RestUtils.processEntities(RestUtils.java:206) ~[stash-rest-common-2.9.2.jar:na]
              at com.atlassian.stash.rest.util.RestUtils.processEntities(RestUtils.java:206) ~[stash-rest-common-2.9.2.jar:na]
              at com.atlassian.stash.rest.enrich.DefaultMarkupEnricher.enrich(DefaultMarkupEnricher.java:26) ~[stash-rest-common-2.9.2.jar:na]
              at com.atlassian.stash.internal.rest.filter.MarkupResourceFilterFactory$1.filter(MarkupResourceFilterFactory.java:23) ~[stash-rest-2.9.2.jar:na]
              at com.atlassian.stash.rest.util.AbstractResourceFilterFactory$ResourceFilterEx.filter(AbstractResourceFilterFactory.java:49) ~[stash-rest-common-2.9.2.jar:na]
              at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:25) [applinks-plugin-4.0.5_1384118240000.jar:na]
              at com.atlassian.stash.internal.spring.security.StashAuthenticationFilter.doFilter(StashAuthenticationFilter.java:90) [StashAuthenticationFilter.class:na]
              at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doInsideSpringSecurityChain(BeforeLoginPluginAuthenticationFilter.java:111) [BeforeLoginPluginAuthenticationFilter.class:na]
              at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:77) [BeforeLoginPluginAuthenticationFilter.class:na]
              at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:100) [atlassian-trusted-apps-core-3.0.2.jar:na]
              at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:61) [atlassian-oauth-service-provider-plugin-1.9.0-m3_1384118242000.jar:na]
              at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:89) [BeforeLoginPluginAuthenticationFilter.class:na]
              at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:75) [BeforeLoginPluginAuthenticationFilter.class:na]
              at com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:72) [stash-service-impl-2.9.2.jar:na]
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [na:1.6.0_20]
              at java.lang.Thread.run(Thread.java:636) [na:1.6.0_20]
              ... 225 frames trimmed
      Caused by: org.owasp.validator.html.ScanException: org.w3c.dom.DOMException: INVALID_CHARACTER_ERR: An invalid or illegal XML character is specified. 
              at org.owasp.validator.html.scan.AntiSamyDOMScanner.scan(AntiSamyDOMScanner.java:174) ~[na:na]
              at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:113) ~[na:na]
              at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:92) ~[na:na]
              at com.atlassian.markup.internal.MarkupFactoryImpl$AntiSamyParser.clean(MarkupFactoryImpl.java:96) ~[na:na]
              ... 27 common frames omitted
      Caused by: org.w3c.dom.DOMException: INVALID_CHARACTER_ERR: An invalid or illegal XML character is specified. 
              at org.apache.xerces.dom.CoreDocumentImpl.createAttribute(Unknown Source) ~[xercesImpl-2.9.1.jar:na]
              at org.apache.xerces.dom.ElementImpl.setAttribute(Unknown Source) ~[xercesImpl-2.9.1.jar:na]
              at org.cyberneko.html.parsers.DOMFragmentParser.startElement(DOMFragmentParser.java:433) ~[nekohtml-1.9.7.jar:na]
              at org.cyberneko.html.HTMLTagBalancer.callStartElement(HTMLTagBalancer.java:1019) ~[nekohtml-1.9.7.jar:1.9.7]
              at org.cyberneko.html.HTMLTagBalancer.startElement(HTMLTagBalancer.java:652) ~[nekohtml-1.9.7.jar:1.9.7]
              at org.cyberneko.html.filters.DefaultFilter.startElement(DefaultFilter.java:136) ~[nekohtml-1.9.7.jar:na]
              at org.cyberneko.html.filters.NamespaceBinder.startElement(NamespaceBinder.java:278) ~[nekohtml-1.9.7.jar:na]
              at org.cyberneko.html.HTMLScanner$ContentScanner.scanStartElement(HTMLScanner.java:2680) ~[nekohtml-1.9.7.jar:1.9.7]
              at org.cyberneko.html.HTMLScanner$ContentScanner.scan(HTMLScanner.java:2012) ~[nekohtml-1.9.7.jar:1.9.7]
              at org.cyberneko.html.HTMLScanner.scanDocument(HTMLScanner.java:910) ~[nekohtml-1.9.7.jar:1.9.7]
              at org.cyberneko.html.HTMLConfiguration.parse(HTMLConfiguration.java:499) ~[nekohtml-1.9.7.jar:1.9.7]
              at org.cyberneko.html.HTMLConfiguration.parse(HTMLConfiguration.java:452) ~[nekohtml-1.9.7.jar:1.9.7]
              at org.cyberneko.html.parsers.DOMFragmentParser.parse(DOMFragmentParser.java:166) ~[nekohtml-1.9.7.jar:na]
              at org.owasp.validator.html.scan.AntiSamyDOMScanner.scan(AntiSamyDOMScanner.java:172) ~[na:na]
              ... 30 common frames omitted
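
      The innermost cause in the trace is CoreDocumentImpl.createAttribute, reached from NekoHTML's startElement while AntiSamy scans the comment. The following is an added example, not part of the original report and not Atlassian's fix: it assumes the HTML tokeniser treated <Profile at 0x54234845> as an element whose attribute names are "at" and "0x54234845", reproduces the DOMException with the JDK's own DOM, and shows a guard that drops attribute names the DOM would reject. AttrNameCheck, isSafeAttrName and copyAttributes are hypothetical names.

```java
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class AttrNameCheck {
    // Conservative ASCII subset of the XML 1.0 Name production (hypothetical helper).
    static boolean isSafeAttrName(String name) {
        return name.matches("[A-Za-z_:][A-Za-z0-9_:.\\-]*");
    }

    // Copies tokenised attributes onto a DOM element, skipping names the DOM would reject.
    static int copyAttributes(Element el, String[][] attrs) {
        int dropped = 0;
        for (String[] a : attrs) {
            if (isSafeAttrName(a[0])) {
                el.setAttribute(a[0], a[1]);
            } else {
                dropped++;
            }
        }
        return dropped;
    }

    public static void main(String[] args) throws Exception {
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        // Constructed input: the tag-like text from the comment, split the way an
        // HTML tokeniser is assumed to split it (element "Profile", two attributes).
        String[][] attrs = { {"at", ""}, {"0x54234845", ""} };

        Element unguarded = doc.createElement("Profile");
        try {
            for (String[] a : attrs) unguarded.setAttribute(a[0], a[1]);
        } catch (DOMException e) {
            // Same failure class as the innermost cause in the trace above.
            System.out.println("unguarded: code=" + e.code
                + " INVALID_CHARACTER_ERR=" + (e.code == DOMException.INVALID_CHARACTER_ERR));
        }

        Element guarded = doc.createElement("Profile");
        int dropped = copyAttributes(guarded, attrs);
        System.out.println("guarded: kept=" + guarded.getAttributes().getLength()
            + " dropped=" + dropped);
    }
}
```

      Because the exception is raised when the activities endpoint renders the stored comment, validating or escaping at render time matters as much as at submission: a comment already in the database keeps failing every request for that pull request until the renderer tolerates it.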
      

            People

              Unassigned
              Lukáš Lalinský