W3C home > Mailing lists > Public > public-rdf-wg@w3.org > November 2011

Re: unicode escapes in prefix names

From: Eric Prud'hommeaux <eric@w3.org>
Date: Wed, 23 Nov 2011 10:17:12 -0500
To: Andy Seaborne <andy.seaborne@epimorphics.com>
Cc: Richard Cyganiak <richard@cyganiak.de>, Gavin Carothers <gavin@carothers.name>, RDF-WG <public-rdf-wg@w3.org>
Message-ID: <20111123151710.GB9496@w3.org>
* Andy Seaborne <andy.seaborne@epimorphics.com> [2011-11-23 14:58+0000]
> 
> 
> On 23/11/11 14:50, Éric Prud'hommeaux wrote:
> >* Richard Cyganiak<richard@cyganiak.de>  [2011-11-23 13:36+0000]
> >>On 23 Nov 2011, at 01:20, Gavin Carothers wrote:
> >>>>I would argue that SPARQL is changing to avoid a security risk in SPARQL Update:
> >>>>http://lists.w3.org/Archives/Public/public-rdf-dawg-comments/2011Aug/0010.html
> >>>
> >>>Obfuscated comments are not really a security risk.
> >>
> >>The problem is obfuscated DELETE statements, not obfuscated comments.
> >
> >I believe this whitepaper describes the security risk http://xkcd.com/327/
> 
> :-) although it's blue-grey on my screen.
> 
> SPARQL Query and SPARQL Update are separate languages.  This is
> different to SQL.
> 
> >The point is that in SPARQL 1.0, the grammar never "sees" xxx:Éire. You can sprinkle them where you like, but they are only useful for folks who are editing unicode in ascii, which is a small and shrinking use case.
> 
> The grammar never "sees" xxx:\u00C9ire

confirming Andy's correction to my typo
tx.

> The grammar accepts (as does Turtle) xxx:Éire
> 
> 	Andy
> 

-- 
-ericP
Received on Wednesday, 23 November 2011 15:17:50 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 16:25:46 GMT