On Fri, 2014-05-02 at 11:59 +0200, Lukas Zeller wrote: > On 02.05.2014, at 10:38, Patrick Ohly <patrick.o...@intel.com> wrote: > > I noticed another problem with the "use X-ABLabel parameter" approach: > > storing complex strings (spaces, quotation marks) in a parameter value > > is harder. > > That's probably why Apple chose the X-ABLabel property approach. An > unparseable parameter could ruin the real data, a unknown property is > less dangerous. > > > The EDS vCard parser gets it wrong and fails to parse: > > > > X-ABRELATEDNAMES;X-ABLabel=domestic partner:domestic partner > > > > That is valid according to http://tools.ietf.org/html/rfc2425#page-5 > > because the space is a SAFE-CHAR and thus may appear in a ptext, but the > > EDS parser does not expect the space. To work around this, we could > > voluntarily quote the string even though it is not required. > > > > Now, the conceptual problem with "X-ABLabel parameter" is that a quoted > > string cannot contain double quotes. It is probably rare that a user > > enters double quotes as part of a label, but it cannot be ruled out > > either. Line breaks are also only allowed in property values and not > > parameter values.
I've looked into TMimeDirProfileHandler::generateValue() some more to understand under which circumstances libsynthesis uses quoted strings (with double quotes at start and end) as parameter value. At first glance it doesn't seem to do that at all. Instead special values are escaped with backslash. item29.X-ABLabel:custom-label5\nUmlaut-ä\nSemicolon\; -> X-ABRELATEDNAMES;X-ABLabel=custom-label5\nUmlaut-ä\nSemicolon\;:custom relationship Where is it specified that the backslash escape mechanism can be used in parameter values? http://tools.ietf.org/html/rfc2425#page-5 says: param = param-name "=" param-value *("," param-value) param-name = x-name / iana-token param-value = ptext / quoted-string ptext = *SAFE-CHAR SAFE-CHAR = WSP / %x21 / %x23-2B / %x2D-39 / %x3C-7E / NON-ASCII ; Any character except CTLs, DQUOTE, ";", ":", "," My reading of that is that special characters must not appear in a ptext at all, not even when escaped with backslash. One has to use a quoted string, which (unfortunately) cannot hold all characters either. IMHO libsynthesis is currently producing broken vCards. I consider changing the code so that it uses quoted strings if it detects unsafe characters in the value and filters out invalid ones. "unsafe" would be more conservative than in the RFC itself and also include spaces, to work around the EDS parser bug. -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. _______________________________________________ os-libsynthesis mailing list os-libsynthesis@synthesis.ch http://lists.synthesis.ch/mailman/listinfo/os-libsynthesis
