Sam,

You wrote:

> It's very difficult to parse the former using XPath. For instance, the expression "/oslc:Compact/dcterms:title" takes out the "<s>" and "</s>".

I don't think problems using XPath are a valid reason to encode markup since RDF/XML itself is very difficult to process using XPath. At one point we tried to define an OSLC-variant of RDF/XML that looked like "normal" XML. However, we abandoned that and now require support for generic RDF/XML. There are many equivalent ways to represent a given set of triples in RDF/XML. It would therefore be very problematic to use XPath, XSLT, or XQuery to process RDF/XML. The safe way to process RDF/XML is to use an RDF toolkit like Jena.

Regards,
___________________________________________________________________________
Arthur Ryman
DE, PPM Chief Architect
IBM Software, Rational
Toronto Lab | +1-905-413-3077

From: Samuel Padgett <[email protected]>
To: "[email protected]" <[email protected]>
Cc: Adam Archer/Toronto/IBM@IBMCA, Randy Hudson <[email protected]>
Date: 08/07/2011 01:01 PM
Subject: [oslc-core] OSLC Compact representation, titles with markup
Sent by: [email protected]

I believe the spec is a bit confusing when it comes to titles with markup for UI Preview. The Compact representation has a dcterms:title property. It's defined as an XML Literal that can contain XHTML markup [1]. My understanding of XML Literals as discussed in the RDF Primer [2] means a title with markup would look like this,

<dcterms:title>12345: <s>Null pointer exception during startup</s></dcterms:title>

The example [3] of this resource has a title like this, however,

<dcterms:title> 12345: <s>Null pointer exception during startup</s> </dcterms:title>

The example doesn't seem to fit with the description. It's very difficult to parse the former using XPath. For instance, the expression "/oslc:Compact/dcterms:title" takes out the "<s>" and "</s>". Most implementations I'm aware of also follow the example where markup is encoded.
It means special characters need to be "double encoded." For instance, "12345: Values > 1000 incorrectly calculated" would be,

<dcterms:title>12345: Values &gt; 1000 incorrectly calculated</dcterms:title>

I think we should add more clarity to the spec here, as getting this wrong can open up consumers to cross-site scripting attacks. I'd also suggest we say that providers MUST NOT use any markup with a <script> tag and consumers MUST NOT display any markup with a <script> tag to guard against this problem.

Best Regards,
Sam

[1] http://open-services.net/bin/view/Main/OslcCoreUiPreview?sortcol=table;up=#Representation_Compact
[2] http://www.w3.org/TR/rdf-syntax/#xmlliterals
[3] http://open-services.net/bin/view/Main/OslcCoreUiPreview?sortcol=table;up=#XML_Representation_Format
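
Added example (not part of either message, and not OSLC project code): one way a consumer could guard against the cross-site scripting risk raised above is to rebuild the title from an allow-list of inline elements before display, which is stricter than only rejecting <script>. The ALLOWED set and all names below are assumptions, and the input is assumed to be the title's markup as a string after the XML or RDF parser has decoded it.

```python
from html import escape
from html.parser import HTMLParser

# Assumption: inline elements a preview title may keep (not a list from the OSLC spec).
ALLOWED = {"b", "i", "em", "strong", "s", "sub", "sup"}
# Elements removed together with everything inside them.
DROP_WITH_CONTENT = {"script", "style"}


class TitleSanitizer(HTMLParser):
    """Rebuilds title markup from allow-listed tags and escaped text only."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.dropping = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.dropping += 1
        elif tag in ALLOWED and not self.dropping:
            self.out.append(f"<{tag}>")  # attributes are never copied
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.dropping = max(0, self.dropping - 1)
        elif tag in self.open_tags and not self.dropping:
            self.close_through(tag)

    def handle_data(self, data):
        if not self.dropping:
            self.out.append(escape(data, quote=False))

    def close_through(self, tag):
        # Close inner tags first so the output stays well nested.
        while self.open_tags:
            top = self.open_tags.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break


def sanitize_title(markup: str) -> str:
    parser = TitleSanitizer()
    parser.feed(markup)
    parser.close()
    if parser.open_tags:
        parser.close_through(parser.open_tags[0])  # close anything left open
    return "".join(parser.out)
```

The result is safe to place in element content only; a consumer that puts the title into an attribute or a script context needs escaping for that context instead.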
