pywps icon indicating copy to clipboard operation
pywps copied to clipboard
verified publisher icon geopython

Unsafe use of CDATA for geojson or json data encoding

Open gschwind opened this issue 3 years ago • 0 comments

Description

ComplexInput._json_data encode geojson to json using CDATA, but it's unsafe since geojson may use "]]>" inside string or key and CDATA forbid this.

Environment

  • operating system: all
  • Python version: all
  • PyWPS version: pywps-4.4
  • source/distribution
  • [x] git clone
  • [ ] Debian
  • [ ] PyPI
  • [ ] zip/tar.gz
  • [ ] other (please specify):
  • web server
  • [x] Apache/mod_wsgi
  • [ ] CGI
  • [ ] other (please specify):

Steps to Reproduce

Additional Information

gschwind avatar Mar 13 '22 13:03 gschwind