Opened 5 years ago

Last modified 5 years ago

#8016 new defect

ismindex doesn't handle input filenames or urls containing '&' characters correctly.

Reported by: Juha Syrjälä Owned by:
Priority: normal Component: undetermined
Version: git-master Keywords: ismindex
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

ismindex doesn't handle input filenames or urls containing & characters correctly.

Running command:

ismindex -n foobar 'foo&bar.ismv'

Creates this 'foobar.ism' file with following contents:

<?xml version="1.0" encoding="utf-8"?>
<smil xmlns="http://www.w3.org/2001/SMIL20/Language">
        <head>
                <meta name="clientManifestRelativePath" content="foobar.ismc" />
        </head>
        <body>
                <switch>
                        <video src="foo&bar.ismv" systemBitrate="307228">
                                <param name="trackID" value="1" valueType="data" />
                        </video>
                </switch>
        </body>
</smil>

Notice src="foo&bar.ismv" in <video> tag. This is not valid XML. & and some other characters should be escaped.

See: https://stackoverflow.com/questions/5709232/how-do-i-include-etc-in-xml-attribute-values

So the value should be src="foo&amp;bar.ism" according to XML specification.

This causes issues in real world apps when you are using URLs as input.
For example this kind of command would also create invalid .ism file.

ismindex -n foobar https://example.com/something?file=foobar&type=ismv

Change History (3)

comment:2 by Carl Eugen Hoyos, 5 years ago

Please confirm that the issue is reproducible with current FFmpeg git head, the only version supported on this bug tracker.

comment:3 by Juha Syrjälä, 5 years ago

Keywords: ismindex added
Version: 4.1git-master

I tested and verified that the issue happens also with current git master (commit 60e6db2f5bf6136ae4b603c3e5ee6697d47b1ef1).

Note: See TracTickets for help on using tickets.