[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

safe HTTP transport of lock comments

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2005-02-17 22:04:07 CET

Karl and I have been trying to come up with a coherent plan to deal
with safely moving lock "comments" over the DAV layer. At the moment,
they're not being xml-escaped at all, nor is there even a guarantee
that these comments *can* be xml-escaped. For example,

    $ svn lock foo.c -m "Here is a <comment> on the lock."

... will cause mod_dav to choke on the request.

In a perfect world, we'd treat lock comments and log messages
identically. At the moment, the only repository-side requirement is
that these sorts of messages be UTF8... of course, that doesn't
guarantee that DAV can safely transport them over XML. Certain
control-characters aren't xml-escapable, and that's what issue 2147
was all about.

Because of backward-compatibility issues, the solution to #2147 was to
create a fuzzy-escaping mechanism. If somebody accessing a repository
via file:/// or cvs2svn.py managed to get xml-unsafe data into a log
message, mod_dav_svn now fuzzily (loss-ily) escapes the message before
xml-escaping it and sending it out.

But: Karl points out that we can shoot for perfection when it comes to
lock comments, since we have no compatibility baggage to worry about.
The goal is a perfectly lossless transport of the lock comment over
HTTP -- but *without* resorting to base64'ing the data into an
unreadable mess. Here's a suggested game plan:

      - the newly written svn_xml_fuzzy_escape() should be made
        lossless (by teaching it to escape its own ?\ escape sequence)
        and then renamed svn_xml_lossless_escape(), or something similar.

      - a companion 'lossless' decoder function is written. Now we
        have an alternative to base64-ing things.

      - when sending a lock, ra_dav runs svn_xml_lossless_escape() on
        the comment, xml-escapes the result, then sends it to apache.

             --> mod_dav automatically xml-unescapes the comment.
                 mod_dav_svn knows that it's an svn client, and thus
                 losslessly decodes the comment before storing the lock
                 in the repos.

      - when retrieving a lock, mod_dav_svn notices if the comment was
        originally created by an svn client. if so, it losslessly
        escapes, then xml-escapes, the comment before handing it to
        mod_dav.

            --> ra_dav unconditionally xml-unescapes, then losslessly
                decodes value.

Comments, thoughts?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Feb 17 22:05:55 2005

This is an archived mail posted to the Subversion Dev mailing list.