* Tim Bray <[EMAIL PROTECTED]> [2005-08-05 14:05]: > Uh, anyone who's lazily concatenating strings is pretty soon > going to end up with a free ampersand or something worse in > their Atom feed. Right?
I think that’s a bit grand of a generalization. It’s not hard to build XML by concatening strings, after all, a DOM serializer doesn’t do anything else. The strategy is to establish which concatenations expect XML fragments and which expect content, and to be diligent about turning the latter into the former when such is expected, by way of escaping. It’s the <http://www.tbray.org/ongoing/When/200x/2004/03/16/EscMad> strategy. I’ve written that sort of code more times than I care to count and I’ve never had an escaping bug in it. It’s trivial. So just because someone’s concatenating strings in a template doesn’t mean they’re lazy or dumb, but they can still fall for this trap. I suggest simply the following: in 4.2.6 (The "atom:id" Element), change Its content MUST be an IRI, as defined by [RFC3987]. to read: Its content MUST be an IRI, as defined by [RFC3987], and MUST NOT contain any whitespace. It doesn’t change anything, it just says the same thing more explicitly. In addition, the same minimal change should be applied to * 3.2.2 (The "atom:uri" Element) * 3.2.3 (The "atom:email" Element) * 3.3 (Date Constructs) * 4.2.5 (The "atom:icon" Element) * 4.2.8 (The "atom:logo" Element) which all contain either a URI, an ISO date, or an email address. Regards, -- Aristotle Pagaltzis // <http://plasmasturm.org/>
