[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Tradeoffs of XML encoding by enclosing all content in CDAT

  • From: "Fraser Goffin" <goffinf@g...>
  • To: xml-dev <xml-dev@l...>
  • Date: Tue, 30 Sep 2008 12:16:24 +0100

Re:  Tradeoffs of XML encoding by enclosing all content in CDAT
> ... Using CDATA only becomes easier
> if you do it incorrectly, and surely you're not proposing to do that?

No I (like Rick) am talking about pragmatism. Sometimes it is possible
to reason about the likely occurence of edge cases such as ]]> as well
as the more obvious cases such as &. That reasoning may lead you to
conclude that it *is* in fact easier to use CDATA ("incorrectly" or
perhaps "incompletely") much in the same way that we reason about all
kinds of other risks where the cost of fixing every eventuality isn't
justifiable.

> Do what some UK government applications do: tell the user you can't use "&" ...

Well, my point was that sometimes this might not be and available
(and/or affordable) option.

> ... and the vast majority will think you are just being bureaucratic,
> which is what they expect of you anyway. But since they don't have the
> option of taking their business elsewhere, why should you care?

I would prefer to be a little more helpful than that and, whilst I
agree entirely with your later post [(a) prevent it happening if you
can], sometimes option (b) is what you are left with (I'm certain you
are familiar of the multitude of reasons why this might be so, I have
hinted at some of them already).

Fraser.

2008/9/30 Michael Kay <mike@s...>:
>
>> Whilst I am pretty much in agreement with all of the
>> sentiments expressed here, its interesting that no one has
>> really come up with a compelling argument for not using CDATA
>> to resolve this encoding issue.
>
> I thought several people had pointed out that escaping data with CDATA
> correctly (which means recognizing ']]>' and possibly comments) was harder
> than escaping the data using &amp; and &lt;. Using CDATA only becomes easier
> if you do it incorrectly, and surely you're not proposing to do that?
>
>> So as a provocation, I integrate with many back office
>> applications a number of which were written before I was born
>> and they are still going strong and supporting core business
>> capabilities. Many are written in languages that don't
>> natively support XML, run on all manner of platforms, and are
>> maintained by programmers who have no skill in XML at its
>> relations or (as they might perceive it) need to acquire it.
>> Such applications typically *do* just output XML as a string.
>>
>> Before we dismiss these applications as useless because they
>> don't natively support XML and suggest that there keepers are
>> 'lazy', what does the group suggest is the best approach to
>> maintaining the correct encoding.
>
> Do what some UK government applications do: tell the user you can't use "&"
> or "<" in text fields, and reject the data if you find them being used. This
> means that a very small minority of users will know you are technically
> incompetent (or at any rate, that you employ "programmers who have no skill
> in XML"), and the vast majority will think you are just being bureaucratic,
> which is what they expect of you anyway. But since they don't have the
> option of taking their business elsewhere, why should you care?
>
> Michael Kay
> http://www.saxonica.com/
>
>


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]


PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.