r23598 - gnucash/trunk/src/backend/xml - Bug 710824 - GnuCash should sanitise UTF-8 before serialising files

Derek Atkins warlord at MIT.EDU
Fri Dec 27 09:48:22 EST 2013

John Ralls <jralls at ceridwen.us> writes:

>> Potentially true for the current set of databases, but it does mean that
>> if you go from SQL -> XML -> SQL then the resulting second SQL will not
>> be the same as the first.
> Well, there are two "right" solutions: One is to get libxml2 to
> convert those characters into entities. I'll see if there's already a
> bug for that and file one if there isn't. The other is to filter them
> out at input, which I've already done for OFX import. I can't think of
> a use-case where those characters would be useful in one of our
> fields. That should be extracted into an input module that's called by
> everything that brings in text from outside of GnuCash, including the
> GUI. After all, bug 710824 itself probably was caused by a
> copy-and-paste error.

Exactly, all input should be sanitized.
The QIF importer can also have issues (although I think that was fixed).
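
To make "sanitize at input" concrete, here is a rough sketch in C of the
kind of filter being discussed. It is an illustration only, not the code
in r23598 or in the OFX importer, and the function names are made up.
It assumes the input is already valid UTF-8 and only drops the ASCII
control characters that XML 1.0 does not allow (everything below 0x20
except tab, LF and CR). That is safe to do bytewise because bytes below
0x80 never occur inside a multibyte UTF-8 sequence. It does not validate
the UTF-8 itself and does not handle U+FFFE/U+FFFF.

```c
#include <stddef.h>

/* Hypothetical helper: true for ASCII control characters that the
 * XML 1.0 Char production excludes (all of 0x00-0x1F except tab,
 * line feed and carriage return). */
static int is_xml_forbidden_control(unsigned char c)
{
    return c < 0x20 && c != 0x09 && c != 0x0A && c != 0x0D;
}

/* Hypothetical helper: remove forbidden control characters from the
 * NUL-terminated string s in place and return the new length.
 * Assumes s is valid UTF-8; multibyte sequences are copied untouched
 * because all of their bytes are >= 0x80. */
size_t strip_xml_forbidden_controls(char *s)
{
    char *dst = s;
    const char *src;

    if (s == NULL)
        return 0;

    for (src = s; *src != '\0'; ++src) {
        if (!is_xml_forbidden_control((unsigned char)*src))
            *dst++ = *src;
    }
    *dst = '\0';
    return (size_t)(dst - s);
}
```

A shared input module along the lines John describes could call
something like this on every string coming from an importer or the GUI
before it reaches the engine, so that what gets stored is the same no
matter which backend writes it out later.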

The OFX importer has a bigger architectural issue in that it actually
modifies the Book before you commit the import.  :(

> Regards,
> John Ralls


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available
