Randy, I think example [3] is wrong. If the datatype is plain text then you should not assume it contains encoded HTML. If you need to include markup then you should use XML Literal datatype, and use XHTML content. This is described in the core spec [4] which gives guidance for putting markup in dcterms:title and dcterms:description.
[4] http://open-services.net/bin/view/Main/OSLCCoreSpecAppendixA#Dublin_Core_Properties Regards, ___________________________________________________________________________ Arthur Ryman DE, PPM Chief Architect IBM Software, Rational Toronto Lab | +1-905-413-3077 Twitter | Facebook | YouTube From: Randy Hudson <[email protected]> To: Samuel Padgett <[email protected]>, Steve K Speicher <[email protected]> Cc: Adam Archer/Toronto/IBM@IBMCA, "[email protected]" <[email protected]> Date: 08/08/2011 11:54 AM Subject: Re: [oslc-core] OSLC Compact representation, titles with markup Sent by: [email protected] Sam, I agree that the spec needs to be more clear, but I don't agree with your interpretation of the current spec. If the spec says that a property's value is of type "string", then to persist the string "<foo>" in XML+RDF, you must escape that string as "<foo>" in the raw XML. It's my understanding (and I could be wrong) that this is true of any data type, including XML Literal. So if the title's value were "<b>foo</b>", persisting that value to XML+RDF would require escaping characters like '<'. Persisting that same value using another format, like N3, maybe wouldn't require the same characters to be escaped. I have some suggested changes that I'll get to in a future email, but can we first agree that the current spec's example does in fact agree with the current spec? I think it's important that we all start on the same page before we write the next one :-) -Randy |------------> | From: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |Samuel Padgett/Durham/IBM | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | To: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |[email protected] <[email protected]> | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Cc: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |Randy Hudson/Raleigh/IBM@IBMUS, Adam Archer/Toronto/IBM@IBMCA | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Date: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |08/07/2011 01:06 PM | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Subject: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |OSLC Compact representation, titles with markup | >--------------------------------------------------------------------------------------------------------------------------------------------------| Small correction, that first example should be, <dcterms:title rdf:parseType="Literal">12345: <s>Null pointer exception during startup</s></dcterms:title> - Sam __________________ I believe the spec is a bit confusing when it comes to titles with markup for UI Preview. The Compact representation has a dcterms:title property. It's defined as an XML Literal that can contain XHTML markup [1]. My understanding of XML Literals as discussed in the RDF Primer [2] means a title with markup would look like this, <dcterms:title>12345: <s>Null pointer exception during startup</s></dcterms:title> The example [3] of this resource has a title like this, however, <dcterms:title> 12345: <s>Null pointer exception during startup</s> </dcterms:title> The example doesn't seem to fit with the description. It's very difficult to parse the former using XPath. For instance, the expression "/oslc:Compact/dcterms:title" takes out the "<s>" and "</s>" Most implementations I'm aware also follow the example where markup is encoded. It means special characters need to be "double encoded." For instance, "12345: Values > 1000 incorrectly calculated" would be, <dcterms:title>12345: Values &gt; 1000 incorrectly calculated</dcterms:title> I think we should add more clarity to the spec here, as getting this wrong can open up consumers to cross-site scripting attacks. I'd also suggest we say that providers MUST NOT use any markup with a <script> tag and consumer MUST NOT display any markup with a <script> tag to guard against this problem. Best Regards, Sam [1] http://open-services.net/bin/view/Main/OslcCoreUiPreview?sortcol=table;up=#Representation_Compact [2] http://www.w3.org/TR/rdf-syntax/#xmlliterals [3] http://open-services.net/bin/view/Main/OslcCoreUiPreview?sortcol=table;up=#XML_Representation_Format _______________________________________________ Oslc-Core mailing list [email protected] http://open-services.net/mailman/listinfo/oslc-core_open-services.net
