At 9:36 PM -0500 1/13/04, Michael Champion wrote:
> sending it to a parser. Maybe a subtle difference, but it really
> feels very different to me to sniff for encoding errors and declare
> the HTML entities before parsing than to do the kind of thing that
> could change the meaning of the text (as in Tim Bray's example).

Hmm, smells like a security hole to me. I could certainly create a
well-formed RSS feed in which the HTML entities did not have their
usual replacement text. Some clients would see one message. Others
would see another. You might be able to manipulate this to get a
party to agree to something other than what they thought they were
agreeing to. If Atom/RSS is going to be XML, it needs to be XML,
draconian error handling and all. No compromises.
--
Elliotte Rusty Harold
elharo@metalab.unc.edu
Effective XML (Addison-Wesley, 2003)
http://www.cafeconleche.org/books/effectivexml
http://www.amazon.com/exec/obidos/ISBN%3D0321150406/ref%3Dnosim/cafeaulaitA
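
The client disagreement described in the message above, as an added example that is not part of the original post: a strict parse with Python's expat binding reports which HTML entity names a feed's internal DTD subset redefines, next to what a client that assumes the usual HTML meanings would display. The sample feed, the function names and the "liberal" client are constructed for illustration.

```python
import html
import html.entities
import xml.parsers.expat

# Constructed sample feed (not from the thread): well-formed XML whose internal
# DTD subset gives the HTML entity name "euro" a non-standard replacement text.
FEED = b"""<?xml version="1.0"?>
<!DOCTYPE rss [
  <!ENTITY euro "$">
  <!ENTITY copy "&#169;">
]>
<rss version="2.0"><channel><item>
<title>Price agreed: &euro;100 &copy; Example</title>
</item></channel></rss>"""

XML_PREDEFINED = {"lt", "gt", "amp", "quot", "apos"}


def inspect_feed(data):
    """Parse strictly; return (text as a conforming parser sees it,
    {name: (declared, usual)} for HTML entity names the feed redefines)."""
    redefined, text = {}, []

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if is_param or value is None or name in XML_PREDEFINED:
            return  # only internal general entities matter here
        codepoint = html.entities.name2codepoint.get(name)
        if codepoint is not None and value != chr(codepoint):
            redefined[name] = (value, chr(codepoint))

    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = on_entity
    parser.CharacterDataHandler = text.append
    parser.Parse(data, True)  # raises ExpatError on any well-formedness error
    return "".join(text).strip(), redefined


def liberal_view(data):
    """Hypothetical tolerant client: substitutes the usual HTML entity
    meanings in the title without reading the feed's own declarations."""
    body = data.decode("utf-8").split("]>", 1)[-1]
    title = body.split("<title>")[1].split("</title>")[0]
    return html.unescape(title)


if __name__ == "__main__":
    print("conforming parser:", *inspect_feed(FEED))
    print("HTML-assuming client:", liberal_view(FEED))
```

A non-empty second return value from inspect_feed is the signal that two classes of client will render the same feed differently.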