Peter N. Lundblad wrote:
> [...] I think we should filter out
> characters that are not valid XML characters. OK, we could base64-encode
> them, but does the DAV elements allow that? Also, are those potential
> compability problems worht it just for the fun of being able to screw up
> someone else's terminal? [...]
If encoding names, I think the best approach would be to URL-encode
them. Base64 bloats the text even if it's totally fine, but URL-encoding
would leave the polite names readable.
That goes for file and property names alike.
As for the dangers of control characters: File names have been an attack
vector on unix for a loong time. Root guys should be aware of that, with
or without subversion.
The standard approach is to display a ? in place of control characters
for user output. In this case however, I think it would be easier (like,
no-op) to just leave the URL-encoded string as-is except for actually
creating the files. And this would have the added bonus that wrapping
tools had a real chance at safely parsing it.
This would allow spaces in the property names as well. I think there was
at least one request on users@ about this. It will not break the skel
syntax if you just leave it URL-encoded in the database. All existing
properties except the ones with enclosed % characters will remain
unaffected.
/Klaus
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jul 20 09:39:31 2004