"Aaron Skonnard" <aarons@develop.com> wrote:
| Arjun Ray [mailto:aray@nyct.net] wrote:
|> The basic premise is tag soup: writing a bunch of tags directly into
|> what is supposed to be a structured object.
| Huh? So being able to move between the canonical serialized form and the
| object model itself is hostile use?
Yes, in ways that usually only the other guy finds out.

First, consider this pattern:

    foo.Bar = "some string" ;
    foo.Bar = foo.Bar + "another string" ;

If this idiom is possible, then it follows that it is not worthwhile
to validate the string being assigned as a "property", because you never
know whether you're in the middle of some complex constructive process or
at the end. It works swimmingly as long as the "inputs" at any point are
kosher, but it works *equally "well" when they are not*. You are wide
open to misuse, even inadvertently. Why is this important? Because of
Murphy's Law: anything that can go wrong, will. The "API" has set a trap.

Second, have you considered encoding issues? Directly sucking in strings
that could be "serialized XML" invites precisely the kinds of problems
that Tim Bray was talking about. Again, this works swimmingly if all data
are Windows-1252 or whatever, but neither does the API know that, it isn't
in a position either to find out at the right time or to enforce a policy.
Yet another trap.

The API is *meant* to be quick and dirty. Best not to manufacture
"technical justifications" for that.
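
An added illustration of the first point in the message above (not part of the original post, and not any real API): a hypothetical SoupNode class with a string-valued inner_xml property, next to the same element built through Python's xml.etree.ElementTree. The sample values are constructed.

```python
import xml.etree.ElementTree as ET

class SoupNode:
    """Hypothetical node with a raw-markup string property (assumed, not a real API)."""
    def __init__(self, tag):
        self.tag = tag
        self.inner_xml = ""  # plain attribute: nothing can be validated on assignment

    def serialize(self):
        return f"<{self.tag}>{self.inner_xml}</{self.tag}>"

def is_well_formed(markup):
    """True if markup parses as a single well-formed XML element."""
    try:
        ET.fromstring(markup)
        return True
    except ET.ParseError:
        return False

def build_with_strings(value):
    """The idiom from the message: append markup and data piece by piece."""
    node = SoupNode("order")
    node.inner_xml = "<item>"  # ill-formed alone, so a strict setter would reject it
    node.inner_xml = node.inner_xml + value
    node.inner_xml = node.inner_xml + "</item>"
    return node.serialize()

def build_with_tree(value):
    """Structured construction: the value can only ever be character data."""
    order = ET.Element("order")
    ET.SubElement(order, "item").text = value
    return ET.tostring(order, encoding="unicode")

def item_count(xml_text):
    return len(ET.fromstring(xml_text).findall("item"))

# Constructed sample inputs: one plain value, one that happens to contain markup.
PLAIN = "pen"
MARKUP = "pen</item><item>free-gift"

if __name__ == "__main__":
    for value in (PLAIN, MARKUP):
        soup, tree = build_with_strings(value), build_with_tree(value)
        print(repr(value))
        print("  strings:", soup, "items =", item_count(soup))
        print("  tree:   ", tree, "items =", item_count(tree))
    print("intermediate '<item>' well-formed:", is_well_formed("<item>"))
```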