
Re: unicode escapes in prefix names

From: Andy Seaborne <andy.seaborne@epimorphics.com>
Date: Wed, 23 Nov 2011 14:58:46 +0000
Message-ID: <4ECD0A26.5000901@epimorphics.com>
To: Eric Prud'hommeaux <eric@w3.org>
CC: Richard Cyganiak <richard@cyganiak.de>, Gavin Carothers <gavin@carothers.name>, RDF-WG <public-rdf-wg@w3.org>


On 23/11/11 14:50, Éric Prud'hommeaux wrote:
> * Richard Cyganiak <richard@cyganiak.de> [2011-11-23 13:36+0000]
>> On 23 Nov 2011, at 01:20, Gavin Carothers wrote:
>>>> I would argue that SPARQL is changing to avoid a security risk in SPARQL Update:
>>>> http://lists.w3.org/Archives/Public/public-rdf-dawg-comments/2011Aug/0010.html
>>>
>>> Obfuscated comments are not really a security risk.
>>
>> The problem is obfuscated DELETE statements, not obfuscated comments.
>
> I believe this whitepaper describes the security risk http://xkcd.com/327/

:-) although it's blue-grey on my screen.

SPARQL Query and SPARQL Update are separate languages.  This is 
different to SQL.

> The point is that in SPARQL 1.0, the grammar never "sees" xxx:Éire. You can sprinkle them where you like, but they are only useful for folks who are editing Unicode in ASCII, which is a small and shrinking use case.

The grammar never "sees" xxx:\u00C9ire

The grammar accepts (as does Turtle) xxx:Éire

	Andy
Received on Wednesday, 23 November 2011 14:59:22 GMT
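
The point discussed in this thread, that codepoint escapes are resolved before the grammar sees the text, as an added example that is not part of the original message: any keyword check on a request has to inspect the decoded string, not the raw one. The function names, the keyword subset and the sample strings are assumptions constructed for illustration.

```python
import re

# \uXXXX (4 hex digits) and \UXXXXXXXX (8 hex digits) codepoint escapes.
_ESCAPE = re.compile(r"\\u([0-9A-Fa-f]{4})|\\U([0-9A-Fa-f]{8})")

# Illustrative subset of SPARQL Update keywords (assumption, not exhaustive).
# A keyword scan is not a parser: it also matches inside literals and comments.
_UPDATE = re.compile(r"\b(INSERT|DELETE|LOAD|CLEAR|DROP|CREATE)\b", re.IGNORECASE)


def decode_codepoint_escapes(text):
    """Resolve escapes the way a pre-parse pass would, before any grammar runs."""
    def repl(match):
        codepoint = int(match.group(1) or match.group(2), 16)
        # Values beyond the Unicode range are not characters; leave them as written.
        if codepoint > 0x10FFFF:
            return match.group(0)
        return chr(codepoint)
    return _ESCAPE.sub(repl, text)


def update_keywords(text):
    """Return the sorted set of update keywords visible in text."""
    return sorted({m.group(1).upper() for m in _UPDATE.finditer(text)})


def inspect(request):
    """Compare what a raw-text check sees with what the grammar would see."""
    decoded = decode_codepoint_escapes(request)
    return {
        "decoded_text": decoded,
        "raw": update_keywords(request),
        "decoded": update_keywords(decoded),
    }


# Constructed samples: the prefixed name from the thread, and a keyword
# with its first letter written as an escape.
PREFIXED = r"SELECT * WHERE { ?s ?p xxx:\u00C9ire }"
OBFUSCATED = r"\u0044ELETE WHERE { ?s ?p ?o }"

if __name__ == "__main__":
    for sample in (PREFIXED, OBFUSCATED):
        print(inspect(sample))
```
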
