Fixed #20197 -- Made XML serializer fail loudly when outputting unserializable chars

Thanks Tim Graham for the review.
2025-10-24 22:26:08 +00:00 · 2015-06-19 08:42:48 +02:00
parent b769bbd4f6
commit 9368f51e12
5 changed files with 49 additions and 2 deletions
--- a/docs/releases/1.9.txt
+++ b/docs/releases/1.9.txt
@@ -720,6 +720,10 @@ Miscellaneous
 * Private function ``django.utils.functional.total_ordering()`` has been
  removed. It contained a workaround for a ``functools.total_ordering()`` bug
  in Python versions older than 2.7.3.
+* XML serialization (either through :djadmin:`dumpdata` or the syndication
+  framework) used to output any characters it received. Now if the content to
+  be serialized contains any control characters not allowed in the XML 1.0
+  standard, the serialization will fail with a :exc:`ValueError`.

 .. _deprecated-features-1.9:

--- a/docs/topics/serialization.txt
+++ b/docs/topics/serialization.txt
@@ -213,6 +213,16 @@ the auth.User model has such a relation to the auth.Permission model::

 This example links the given user with the permission models with PKs 46 and 47.

+.. admonition:: Control characters
+
+    .. versionchanged:: 1.9
+
+    If the content to be serialized contains control characters that are not
+    accepted in the XML 1.0 standard, the serialization will fail with a
+    :exc:`ValueError` exception. Read also the W3C's explanation of `HTML,
+    XHTML, XML and Control Codes
+    <http://www.w3.org/International/questions/qa-controls>`_.
+
 .. _serialization-formats-json:

 JSON