[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] issue #2147 - v1

From: Peter N. Lundblad <peter_at_famlundblad.se>
Date: 2005-01-26 21:29:48 CET

On Wed, 26 Jan 2005, Julian Foad wrote:

> Julian Foad wrote:
> > VK Sameer wrote:
> >> SVN_ERR( dav_svn__send_xml(lrb->bb, lrb->output,
> >> "<D:comment>%s</D:comment>" DEBUG_CR,
> >> - apr_xml_quote_string(pool, msg, 0)) );
> >> + svn_xml_fuzzy_escape (
> >> + apr_xml_quote_string (pool, msg, 0),
> >> + pool)) );
> >
> > No. You should strip control characters before you XML-quote it,
> > otherwise you are relying on (1) your function producing validly quoted
> > XML (which it may do at present but is not documented to do), and (2)
> > the XML-quoting function accepting and passing through control
> > characters (which such a function need not be expected to do).
>
> (2)
> Now I'm confused about what you are escaping. You are escaping all ASCII
> control characters (as defined by svn_ctype_iscntrl). That includes valid XML
> characters CR, LF and TAB. Shouldn't you be escaping only non-XML control
> characters?
>
And non-ASCII invalid XML characters as well (in the future, when we have
functions to convert to Unicode scalars). Could you design the function so
it can be extended for that later? (Thinking of the API, not the
implementation.)

Regards,
//Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jan 26 21:30:43 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.