OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] InnerXml is like printf (WAS: Underwhelmed)

[ Lists Home | Date Index | Thread Index ]

Arjun Ray wrote:

> Note that the issue only comes up if one insists on writing tags in
> strings.  That's the broken idea we need to get away from (because you
> can't test the string for wellformedness before runtime, and by that time
> the programmers have gone home, the product has shipped, and others are
> footing the bills.)

Are we making a mountain out of the wrong molehill here?  The fact of 
the matter is all of these techniques you guys are talking about allow 
you to generate XML with an amount of work that is really small in 
comparison to the rest of the system.

I usually encounter breakage in a completely different area, which 
low-level character handling.  Unless you're in a very tightly 
controlled environment you can't generate XML with printf() at all 
because one of the strings behind a %s might contain a < or & or 
something that is not kosher per the character encoding you think you're 

And it's not as simple as just having an escape-xml-string either, 
because lots of times you get input (i.e. from users who are too smart, 
or from some database field that got serialized out of other XML) that 
already has &amp; and &#x27c and so on in it, so you need to think 
through carefully where & how you do the escaping.

And then there's the problem of makeing sure that an iso 8859-1 
character doesn't leak through into your utf-8 output stream, or vice versa.

These things are about 8 times as much work as synthesizing the tree in 
the applications I write.  Nothing glamorous about 'em -Tim


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS