[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn log causes XML parse error (internal error)

From: Klaus Rennecke <kre_at_tigris.org>
Date: 2004-07-20 09:39:07 CEST

Peter N. Lundblad wrote:
> [...] I think we should filter out
> characters that are not valid XML characters. OK, we could base64-encode
> them, but does the DAV elements allow that? Also, are those potential
> compability problems worht it just for the fun of being able to screw up
> someone else's terminal? [...]

If encoding names, I think the best approach would be to URL-encode
them. Base64 bloats the text even if it's totally fine, but URL-encoding
would leave the polite names readable.

That goes for file and property names alike.

As for the dangers of control characters: File names have been an attack
vector on unix for a loong time. Root guys should be aware of that, with
or without subversion.

The standard approach is to display a ? in place of control characters
for user output. In this case however, I think it would be easier (like,
  no-op) to just leave the URL-encoded string as-is except for actually
creating the files. And this would have the added bonus that wrapping
tools had a real chance at safely parsing it.

This would allow spaces in the property names as well. I think there was
at least one request on users@ about this. It will not break the skel
syntax if you just leave it URL-encoded in the database. All existing
properties except the ones with enclosed % characters will remain
unaffected.

/Klaus

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jul 20 09:39:31 2004

This is an archived mail posted to the Subversion Dev mailing list.