[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: safe HTTP transport of lock comments

From: Peter N. Lundblad <peter_at_famlundblad.se>
Date: 2005-02-18 08:04:02 CET

On Thu, 17 Feb 2005, Ben Collins-Sussman wrote:

>
> What would be really nice is to declare that all log-messages and
> lock-comments *must*
>
> 1. be UTF8
> 2. be xml-escapable.
>
+1

>
> No, because "bad" log messages get into the repository by means other
> than the client: a weird dumpfile, cvs2svn, or any rogue application
> using libsvn_fs. We haven't been enforcing things at the fs level.
>
But since lock comments are new, we can enforce this in libsvn_fs for them
without backwards compatibility prblems.

> Perhaps it would be much simpler to declare these control-chars
> illegal, block them at the client, and also have mod_dav_svn loss-ily
> escape messages as a safeguard.
>
I think it would be better to block them in libsvn_fs and also do the
check in libsvn_ra_dav so we don't send malformed XML. That's simple and
avoids the ugly escaping.

When we move to XML 1.1 parsers someday, we can lift restriction and not
worry about an old escaping mechanism.

BTW, we have the same problem for the owner field, don't we? Control chars
in user names, anyone? :-)

Regards,
//Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Feb 18 08:05:47 2005

This is an archived mail posted to the Subversion Dev mailing list.