[
Lists Home |
Date Index |
Thread Index
]
Arjun Ray wrote:
> Note that the issue only comes up if one insists on writing tags in
> strings. That's the broken idea we need to get away from (because you
> can't test the string for wellformedness before runtime, and by that time
> the programmers have gone home, the product has shipped, and others are
> footing the bills.)
Are we making a mountain out of the wrong molehill here? The fact of
the matter is all of these techniques you guys are talking about allow
you to generate XML with an amount of work that is really small in
comparison to the rest of the system.
I usually encounter breakage in a completely different area, which
low-level character handling. Unless you're in a very tightly
controlled environment you can't generate XML with printf() at all
because one of the strings behind a %s might contain a < or & or
something that is not kosher per the character encoding you think you're
generating.
And it's not as simple as just having an escape-xml-string either,
because lots of times you get input (i.e. from users who are too smart,
or from some database field that got serialized out of other XML) that
already has & and ɼ and so on in it, so you need to think
through carefully where & how you do the escaping.
And then there's the problem of makeing sure that an iso 8859-1
character doesn't leak through into your utf-8 output stream, or vice versa.
These things are about 8 times as much work as synthesizing the tree in
the applications I write. Nothing glamorous about 'em -Tim
|
