[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: safe HTTP transport of lock comments

From: Brian W. Fitzpatrick <fitz_at_collab.net>
Date: 2005-02-17 23:59:24 CET

On Feb 17, 2005, at 3:04 PM, Ben Collins-Sussman wrote:

> Here's a suggested game plan:
>
> - the newly written svn_xml_fuzzy_escape() should be made
> lossless (by teaching it to escape its own ?\ escape sequence)
> and then renamed svn_xml_lossless_escape(), or something
> similar.
>
> - a companion 'lossless' decoder function is written. Now we
> have an alternative to base64-ing things.
>
> - when sending a lock, ra_dav runs svn_xml_lossless_escape() on
> the comment, xml-escapes the result, then sends it to apache.
>
> --> mod_dav automatically xml-unescapes the comment.
> mod_dav_svn knows that it's an svn client, and thus
> losslessly decodes the comment before storing the lock
> in the repos.
>
> - when retrieving a lock, mod_dav_svn notices if the comment was
> originally created by an svn client. if so, it losslessly
> escapes, then xml-escapes, the comment before handing it to
> mod_dav.
>
> --> ra_dav unconditionally xml-unescapes, then losslessly
> decodes value.
>
> Comments, thoughts?

I think that this is fine, even though it's a pain in the rear.

DAV & XML: 3,927
Sussman: 4

-Fitz

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Feb 18 00:00:41 2005

This is an archived mail posted to the Subversion Dev mailing list.