Re: Re: The Data Sanitization Plan

On Tue, Jun 25, 2002 at 01:55:23PM -0700, Bill Tutt wrote:
>...
> > > svn diff -r3:4 http://path/to/my%20file
> >
> > I'm almost positive that you will have to type it that way.
>
> Ick. No way. No typing in of URL escapes. That's EVIL to our users.
> That's a big usability -1.

Of course it is a pain.

However, as I said: a client can certainly choose to do the escaping. But
the libraries won't do it.

>...
> The really icky part I see here isn't the question mark related one.
> What should the command line client do when it sees this command line:
> svn diff -r 3:4 http://path/to/my%20file
>
> Should it escape the % or not? We don't want the URI accidentally double
> escaped to something like: http://path/to/my%2520file

Yup. Just another variation. I had to pick one for an example :-)

> Of course, just to be annoying, there could theoretically be a file
> called my%20file in the repository. What to do, what to do..

Yup.

> I'd tend towards this heuristic for deciding whether to escape the URI
> for a command line client only:
> * Escape all normally escaped characters except for the percentage sign.
> (0x25)

Heuristic? Heh. That's also known as "we'll get it wrong one day"

> This escapes most of the data when necessary and still allows a little
> fudge room from pasting in URIs from browser address bars.
>
> The only other alternative to that is a stat() like approach. i.e. see
> if either non-escaped target, or the escaped target exist, and pick the
> first one that exists as your winner.

That doesn't work. What if you're importing? Does the new file need to be
escaped, or not?

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org