

At 9:36 PM -0500 1/13/04, Michael Champion wrote:
sending it to a parser.  Maybe a subtle difference, but it really 
feels very different to me to sniff for encoding errors and declare 
the HTML entities before parsing than to do the kind of thing that 
could change the meaning of the text (as in Tim Bray's example).

Hmm, smells like a security hole to me. I could certainly create a 
well-formed RSS feed in which the HTML entities did not have their 
usual replacement text. Some clients would see one message. Others 
would see another. You might be able to manipulate this to get a 
party to agree to something other than what they thought they were 
agreeing to. If Atom/RSS is going to be XML, it needs to be XML, 
draconian error handling and all. No compromises.
-- 

   Elliotte Rusty Harold
   elharo@m...
   Effective XML (Addison-Wesley, 2003)
   http://www.cafeconleche.org/books/effectivexml
   http://www.amazon.com/exec/obidos/ISBN%3D0321150406/ref%3Dnosim/cafeaulaitA
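
Added example, not part of the original message: a Python check for the case described above, a well-formed feed whose internal DTD subset gives an HTML entity name something other than its usual replacement text. The sample feed and all function names are constructed for illustration; the regex scan covers only the internal subset, not external DTDs.

```python
import html
import re
import xml.etree.ElementTree as ET
from html.entities import html5  # maps "ndash;" -> "\u2013", etc.

# Constructed sample: well-formed XML in which the HTML entity name "ndash"
# is declared with a replacement text other than U+2013; "copy" is unchanged.
FEED = """<?xml version="1.0"?>
<!DOCTYPE rss [
  <!ENTITY ndash "not ">
  <!ENTITY copy "&#169;">
]>
<rss version="2.0"><channel><item>
<title>Offer is &ndash;binding &copy; 2004</title>
</item></channel></rss>"""

ENTITY_DECL = re.compile(r'<!ENTITY\s+([A-Za-z][\w.-]*)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r"&([A-Za-z][A-Za-z0-9]*);")
XML_PREDEFINED = {"lt", "gt", "amp", "quot", "apos"}

def redefined_html_entities(xml_text):
    """Return {name: (declared, usual)} for HTML entity names whose declared
    replacement text differs from the HTML one."""
    findings = {}
    for name, _quote, value in ENTITY_DECL.findall(xml_text):
        usual = html5.get(name + ";")
        declared = html.unescape(value)  # resolve character references
        if usual is not None and declared != usual:
            findings[name] = (declared, usual)
    return findings

def xml_view(xml_text):
    """Title as an XML parser reports it, honouring the feed's declarations."""
    return ET.fromstring(xml_text).findtext(".//title")

def presubstituted_view(xml_text):
    """Title as seen by a client that swaps in HTML entity values first."""
    def swap(match):
        name = match.group(1)
        if name in XML_PREDEFINED or name + ";" not in html5:
            return match.group(0)
        return html5[name + ";"]
    return ET.fromstring(ENTITY_REF.sub(swap, xml_text)).findtext(".//title")

if __name__ == "__main__":
    print("flagged:", redefined_html_entities(FEED))
    print("XML parser sees:     ", xml_view(FEED))
    print("pre-substitution sees:", presubstituted_view(FEED))
```

A feed consumer can run a check like `redefined_html_entities` before display and reject or flag any feed for which it returns a non-empty result.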
