[Varnish] #413: Incorrect handling of escape in esi:include src attribute

Varnish varnish-bugs at projects.linpro.no
Sat Dec 20 07:20:26 CET 2008

#413: Incorrect handling of escape in esi:include src attribute
 Reporter:  andrewmcnnz  |       Owner:  phk       
     Type:  defect       |      Status:  new       
 Priority:  normal       |   Milestone:            
Component:  varnishd     |     Version:  2.0       
 Severity:  normal       |    Keywords:  esi escape
 I'm seeing the following bug in Varnish 2.0.2, compiled from source on

 The following syntax is incorrect as it is not well-formed XML:
    <esi:include src="/foo?a=b&c=d" />

 The problem is the '&' which should be escaped like so:
    <esi:include src="/foo?a=b&amp;c=d" />


 However, it seems that Varnish does not unescape the HTML entity before
 interpreting the URL, and the wrong request arguments are sent, i.e. the CGI
 string as sent by varnishd is identical to how it appears in the
 esi:include src attribute text.

 Failure to escape ampersands in URLs embedded in HTML is an extremely
 common bug, and quite probably should be interpreted generously, but
 correct code must be allowed to work also.

 I'm working around this by ';' delimiters, which is recommended practice,
 if not common.  Shouldn't be necessary though.

Ticket URL: <http://varnish.projects.linpro.no/ticket/413>
Varnish <http://varnish.projects.linpro.no/>
The Varnish HTTP Accelerator
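
The behaviour the ticket asks for, as an added example that is not part of the original report and not Varnish's own code: decode the predefined XML entities in the src value exactly once before building the sub-request URL, while passing a bare '&' through unchanged. The function name esi_src_unescape and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The five predefined XML entities; anything else is left untouched. */
static const struct { const char *name; char ch; } xml_ents[] = {
    { "&amp;", '&' }, { "&lt;", '<' }, { "&gt;", '>' },
    { "&quot;", '"' }, { "&apos;", '\'' },
};

/*
 * Hypothetical helper (not a Varnish function). Single left-to-right pass,
 * so "&amp;amp;" becomes "&amp;" and is never decoded a second time.
 * A bare '&' that starts no known entity is copied through as-is.
 * Returns the decoded length, or -1 if dst is too small.
 */
static int
esi_src_unescape(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;

    if (dstlen == 0)
        return (-1);
    while (*src != '\0') {
        char c = *src;
        size_t adv = 1;

        for (size_t i = 0; c == '&' && i < sizeof xml_ents / sizeof xml_ents[0]; i++) {
            size_t n = strlen(xml_ents[i].name);
            if (strncmp(src, xml_ents[i].name, n) == 0) {
                c = xml_ents[i].ch;   /* replace entity with its character */
                adv = n;
                break;
            }
        }
        if (o + 1 >= dstlen)          /* keep room for the terminating NUL */
            return (-1);
        dst[o++] = c;
        src += adv;
    }
    dst[o] = '\0';
    return ((int)o);
}

int main(void) {
    char buf[64];
    /* Constructed sample: the well-formed attribute value from the ticket. */
    if (esi_src_unescape("/foo?a=b&amp;c=d", buf, sizeof buf) >= 0)
        puts(buf);
    return 0;
}
```

Decoding once, at the point where the attribute is parsed, keeps the URL the cache requests identical to the one the page author wrote; a second decode later in the path would turn "&amp;amp;" into a parameter separator the author never intended.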
