Re: invalid XML on PROPFIND?

Julian Reschke wrote:

> Julian Reschke wrote:
>
>> Hi,
>>
>> out of curiosity I just did a PROPFIND on
>>
>> http://svn.collab.net/repos/svn/trunk
>>
>> MSXML complains immediately about:
>>
>> <C:svk:merge>ae6c956b-9dc6-0310-97b2-e73af4192982:/svn/local:7798</C:svk:merge>
>>
>>
>> ...and I think it's right, in XML+Namespaces we have
>>
>> <http://www.w3.org/TR/REC-xml-names/#ns-qualnames>
>>
>> that is both the prefix and the local name must not have a column.
>
>
> Ok, after checking on xml-dev this *definitively* is a bug.
>
> The namespace declaration is:
>
> xmlns:C="http://subversion.tigris.org/xmlns/custom/"
>
> which is correct, but
>
> <C:svk:merge>ae6c956b-9dc6-0310-97b2-e73af4192982:/svn/local:7798</C:svk:merge>
>
>
> uses an illegal local name "svk:merge" (illegal because it contains a
> column).

Indeed, that's wrong.

> So
>
> 1) if a custom property with an illegal XML name happens to appear
> inside SVN's storage, it MUST NOT be sent in a PROPFIND response,

No; instead, the property name should be escaped appropriately.

> 2) it should be checked why the XML parser inside the svn client does
> not reject the XML (possibly running in non-namespace-aware mode???).

I'm pretty sure it is.

> 3) it should be prevented that customer properties with invalid XML
> names are entered in the first place.

No again. DAV is only one of the repository access protocols, and what
goes into the repository should not be constrained by the fact that DAV
uses XML. We should just make sure to properly XML-escape everything in
the ra_dav layer.

-- 
Brane Čibej   <brane_at_xbc.nu>   http://www.xbc.nu/brane/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org