Skip to content

Fix XML parameter encoding for SQL Server#38462

Open
Copilot wants to merge 9 commits into
mainfrom
copilot/fix-38429-sqlxml-parameters
Open

Fix XML parameter encoding for SQL Server#38462
Copilot wants to merge 9 commits into
mainfrom
copilot/fix-38429-sqlxml-parameters

Conversation

Copilot AI commented Jun 19, 2026
edited by AndriySvyryd
Loading

Copy link
Copy Markdown
Contributor

Fixes #38429

Unicode xml SQL literal: SqlServerStringTypeMapping now treats the xml store type as Unicode (_isUtf16 = true), so GenerateNonNullSqlLiteral emits an N-prefixed literal. It also sets DbType = Xml on the parameter and sends the value as SqlXml. Previously a non-Unicode (varchar) literal was generated for xml, silently losing non-ASCII content.

Copilot AI and others added 4 commits June 18, 2026 23:55
@AndriySvyryd
Send SQL Server xml parameters as SqlXml (fix #38429)
a17073c 
Co-authored-by: AndriySvyryd <6539701+AndriySvyryd@users.noreply.github.com>
@AndriySvyryd
Address review: cache XmlReaderSettings, use nameof for store
4601cb3 
Co-authored-by: AndriySvyryd <6539701+AndriySvyryd@users.noreply.github.com>
@AndriySvyryd
Move Xml_value_round_trips to BuiltInDataTypesSqlServerTest; harden X…
19ee474 
…mlReader

Co-authored-by: AndriySvyryd <6539701+AndriySvyryd@users.noreply.github.com>
@AndriySvyryd
Rename test entity to XmlTestDocument and share store name constant
16d73b9 
Co-authored-by: AndriySvyryd <6539701+AndriySvyryd@users.noreply.github.com>
AndriySvyryd
AndriySvyryd reviewed Jun 19, 2026
View reviewed changes
Comment thread src/EFCore.SqlServer/Storage/Internal/SqlServerStringTypeMapping.cs Outdated
Comment thread src/EFCore.SqlServer/Storage/Internal/SqlServerStringTypeMapping.cs Outdated
Comment thread src/EFCore.SqlServer/Storage/Internal/SqlServerStringTypeMapping.cs
Comment thread test/EFCore.SqlServer.FunctionalTests/BuiltInDataTypesSqlServerTest.cs
Comment thread test/EFCore.SqlServer.FunctionalTests/BuiltInDataTypesSqlServerTest.cs Outdated
Comment thread test/EFCore.SqlServer.FunctionalTests/BuiltInDataTypesSqlServerTest.cs Outdated
@AndriySvyryd AndriySvyryd mentioned this pull request Jun 19, 2026
Closed
@AndriySvyryd
Address review: fixture-based xml tests, N-prefixed xml literal, Gene…
97293d7 
…rateNonNullSqlLiteral test

Co-authored-by: AndriySvyryd <6539701+AndriySvyryd@users.noreply.github.com>
Copilot AI requested a review from AndriySvyryd June 19, 2026 02:16
AndriySvyryd
AndriySvyryd reviewed Jun 19, 2026
View reviewed changes
Comment thread test/EFCore.SqlServer.Tests/Storage/SqlServerStringTypeMappingTest.cs Outdated
Comment thread test/EFCore.SqlServer.FunctionalTests/BuiltInDataTypesSqlServerTest.cs Outdated
Comment thread test/EFCore.SqlServer.FunctionalTests/BuiltInDataTypesSqlServerTest.cs Outdated
@AndriySvyryd
Merge xml filter test into round-trips with dynamic baseline; remove …
c2bfa09 
…xml literal unit test

Co-authored-by: AndriySvyryd <6539701+AndriySvyryd@users.noreply.github.com>
Copilot AI requested a review from AndriySvyryd June 19, 2026 02:53
@AndriySvyryd AndriySvyryd changed the title Move Xml_value_round_trips to BuiltInDataTypesSqlServerTest and harden the xml parameter XmlReader Fix XML parameter encoding for SQL Server Jun 19, 2026
@AndriySvyryd AndriySvyryd requested a review from Copilot June 19, 2026 04:20
Copilot AI reviewed Jun 19, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves SQL Server xml handling in EF Core by ensuring XML values are sent as SqlDbType.Xml (using SqlXml) and by hardening the XML parsing path against DTD/XXE-style payloads, with accompanying unit/functional test coverage.

Changes:

  • Update SQL Server string type mapping to treat xml as Unicode for SQL literal generation and to convert XML string parameters into SqlXml using secure XmlReaderSettings.
  • Update the SQL Server type mapping source so the xml mapping is explicitly configured with SqlDbType.Xml.
  • Add/extend tests to validate SqlXml parameterization, round-tripping behavior, and rejection of DTD payloads.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
test/EFCore.SqlServer.Tests/Storage/SqlServerTypeMappingTest.cs Adds unit tests asserting xml parameters are sent as SqlDbType.Xml and values are SqlXml.
test/EFCore.SqlServer.FunctionalTests/BuiltInDataTypesSqlServerTest.cs Adds functional round-trip/query coverage for xml values and a negative test for DTD payload rejection; configures an xml-typed entity property in the fixture model.
src/EFCore.SqlServer/Storage/Internal/SqlServerTypeMappingSource.cs Configures the xml mapping with sqlDbType: SqlDbType.Xml so parameters can be sent correctly as XML.
src/EFCore.SqlServer/Storage/Internal/SqlServerStringTypeMapping.cs Adds secure XML reader settings and converts XML string parameters to SqlXml; adjusts Unicode literal handling for xml.

Comment thread test/EFCore.SqlServer.Tests/Storage/SqlServerTypeMappingTest.cs
Comment thread src/EFCore.SqlServer/Storage/Internal/SqlServerStringTypeMapping.cs Outdated
@AndriySvyryd
Fix SqlXml ambiguity and remove SqlParameter guard on conversion
96f6a7a 
Co-authored-by: AndriySvyryd <6539701+AndriySvyryd@users.noreply.github.com>
@AndriySvyryd AndriySvyryd marked this pull request as ready for review June 19, 2026 04:42
@AndriySvyryd AndriySvyryd requested a review from a team as a code owner June 19, 2026 04:42
Copilot AI review requested due to automatic review settings June 19, 2026 04:42
Copilot AI reviewed Jun 19, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

Comment thread src/EFCore.SqlServer/Storage/Internal/SqlServerStringTypeMapping.cs
Comment thread test/EFCore.SqlServer.Tests/Storage/SqlServerTypeMappingTest.cs
Comment thread test/EFCore.SqlServer.Tests/Storage/SqlServerTypeMappingTest.cs
@AndriySvyryd
Apply suggestions from code review
633a8a6 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 19, 2026 06:25
Copilot AI reviewed Jun 19, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

Comment thread src/EFCore.SqlServer/Storage/Internal/SqlServerStringTypeMapping.cs
Comment on lines 124 to +126
_sqlDbType = sqlDbType;
_isUtf16 = parameters.Unicode
&& (parameters.StoreType.StartsWith("n", StringComparison.OrdinalIgnoreCase) || _sqlDbType == SqlDbType.Xml);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@AndriySvyryd AndriySvyryd Awaiting requested review from AndriySvyryd

At least 1 approving review is required to merge this pull request.

Assignees

@cincuranet cincuranet

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

xml constants do not have the N prefix

5 participants

@AndriySvyryd @Charlieface @cincuranet