[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] issue #2147 - v1

From: Julian Foad <julianfoad_at_btopenworld.com>
Date: 2005-01-26 18:07:39 CET

Julian Foad wrote:
> VK Sameer wrote:
>> SVN_ERR( dav_svn__send_xml(lrb->bb, lrb->output,
>> "<D:comment>%s</D:comment>" DEBUG_CR,
>> - apr_xml_quote_string(pool, msg, 0)) );
>> + svn_xml_fuzzy_escape (
>> + apr_xml_quote_string (pool, msg, 0),
>> + pool)) );
>
> No. You should strip control characters before you XML-quote it,
> otherwise you are relying on (1) your function producing validly quoted
> XML (which it may do at present but is not documented to do), and (2)
> the XML-quoting function accepting and passing through control
> characters (which such a function need not be expected to do).

(1)
Thinking some more about this, I see now that you originally intended
svn_xml_fuzzy_escape to accept nearly-well-formed XML text (but with some
control characters) and return well-formed XML text, and that's why it is named
"svn_xml_...". Ideally you wanted it to perform some sort of XML quoting which
would encode the control characters in XML such that they would be decoded by
the XML receiver, but you have found that this is not possible. (I agree: the
XML spec says control characters cannot be represented, encoded or otherwise.)
  Therefore you have had to settle for performing an ad-hoc, mostly
human-readable, non-reversible encoding. Because of this, I stand by what I
wrote above: your fuzzy function is not, and should not be documented for use
on well-formed XML text; it should be applied to the actual (non-escaped) log
message.

Whether the fuzzy function's name and/or doc-string should change to reflect
that it doesn't produce XML but does produce XML-safe text, I don't know.

(2)
Now I'm confused about what you are escaping. You are escaping all ASCII
control characters (as defined by svn_ctype_iscntrl). That includes valid XML
characters CR, LF and TAB. Shouldn't you be escaping only non-XML control
characters?

(Sorry, I've not tested because I haven't been able to set up my own
mod_dav_svn server.)

- Julian

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jan 26 18:09:00 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.