On Wed, 26 Jan 2005, Julian Foad wrote:
> Julian Foad wrote:
> > VK Sameer wrote:
> >> SVN_ERR( dav_svn__send_xml(lrb->bb, lrb->output,
> >> "<D:comment>%s</D:comment>" DEBUG_CR,
> >> - apr_xml_quote_string(pool, msg, 0)) );
> >> + svn_xml_fuzzy_escape (
> >> + apr_xml_quote_string (pool, msg, 0),
> >> + pool)) );
> >
> > No. You should strip control characters before you XML-quote it,
> > otherwise you are relying on (1) your function producing validly quoted
> > XML (which it may do at present but is not documented to do), and (2)
> > the XML-quoting function accepting and passing through control
> > characters (which such a function need not be expected to do).
>
> (2)
> Now I'm confused about what you are escaping. You are escaping all ASCII
> control characters (as defined by svn_ctype_iscntrl). That includes valid XML
> characters CR, LF and TAB. Shouldn't you be escaping only non-XML control
> characters?
>
And non-ASCII invalid XML characters as well (in the future, when we have
functions to convert to Unicode scalars). Could you design the function so
it can be extended for that later? (Thinking of the API, not the
implementation.)
Regards,
//Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jan 26 21:30:43 2005