On 14/07/09 17:42, Ævar Arnfjörð Bjarmason wrote:
> On Tue, Jul 14, 2009 at 4:19 PM, Tom Hughes<[email protected]> wrote:
>> On 14/07/09 17:09, Ævar Arnfjörð Bjarmason wrote:
>>
>>> Yes from a client point of view. But the server portion of Potlatch
>>> shouldn't trust the client side to do data validation. Doing
>>> server-side content validation equivalent to the main API would have
>>> prevented both the issue described in ticket:1936 and presumably this
>>> issue too.
>> No it wouldn't have prevented this issue, because the main API checks for valid
>> UTF-8, which this was. The problem in this case was that it was a UTF-8
>> control character which is not valid in XML and both APIs allow those
>> through at the moment.
>
> Yes the main API checks for valid UTF-8 once it gets a hold of it, but
> the main API also *incidentally* does further validations when it does
> XML parsing via libxml, which is where it'll reject things which make
> XML parsers puke.

Yes OK, but that is basically an accident and not deliberate. Which is
also why it doesn't give a very helpful error.

Tom

-- 
Tom Hughes ([email protected])
http://www.compton.nu/
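
The gap discussed in this thread, a value that is valid UTF-8 yet contains a control character XML 1.0 does not allow, can be closed with an explicit check that produces its own error instead of relying on the XML parser. This is an added example, not code from the OpenStreetMap API or Potlatch; `validate_tag_value`, `TagValueError`, `xml_char?`, `check_samples` and the sample values are hypothetical and constructed for illustration.

```ruby
# Added example: deliberate server-side validation of a tag value.
# All names here are hypothetical; they are not part of any OSM code base.

class TagValueError < StandardError; end

# XML 1.0 "Char" production:
#   #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
def xml_char?(codepoint)
  [0x9, 0xA, 0xD].include?(codepoint) ||
    (0x20..0xD7FF).cover?(codepoint) ||
    (0xE000..0xFFFD).cover?(codepoint) ||
    (0x10000..0x10FFFF).cover?(codepoint)
end

# Returns the value as a UTF-8 string, or raises TagValueError naming
# the exact reason, so the client gets a useful message.
def validate_tag_value(raw)
  str = raw.dup.force_encoding(Encoding::UTF_8)
  # Check 1: the bytes must decode as UTF-8 at all.
  raise TagValueError, "value is not valid UTF-8" unless str.valid_encoding?

  # Check 2: every decoded character must be representable in XML 1.0.
  str.each_char.with_index do |ch, offset|
    next if xml_char?(ch.ord)
    raise TagValueError,
          format("character U+%04X at offset %d is not allowed in XML 1.0",
                 ch.ord, offset)
  end
  str
end

# Constructed sample inputs (not taken from any real changeset).
SAMPLES = {
  "plain name"      => "High Street",
  "tab is allowed"  => "High Street\tNorth",
  "control char"    => "name\u0001",   # valid UTF-8, invalid in XML
  "broken encoding" => "\xFF".b        # not UTF-8 at all
}.freeze

# Runs every sample through the validator and records the outcome.
def check_samples(samples = SAMPLES)
  samples.transform_values do |value|
    validate_tag_value(value)
    "accepted"
  rescue TagValueError => e
    "rejected: #{e.message}"
  end
end

check_samples.each { |label, outcome| puts "#{label}: #{outcome}" }
```
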

