- From: Eric Prud'hommeaux <eric@w3.org>
- Date: Wed, 23 Nov 2011 10:17:12 -0500
- To: Andy Seaborne <andy.seaborne@epimorphics.com>
- Cc: Richard Cyganiak <richard@cyganiak.de>, Gavin Carothers <gavin@carothers.name>, RDF-WG <public-rdf-wg@w3.org>
* Andy Seaborne <andy.seaborne@epimorphics.com> [2011-11-23 14:58+0000]
>
> On 23/11/11 14:50, Éric Prud'hommeaux wrote:
> >* Richard Cyganiak<richard@cyganiak.de> [2011-11-23 13:36+0000]
> >>On 23 Nov 2011, at 01:20, Gavin Carothers wrote:
> >>>>I would argue that SPARQL is changing to avoid a security risk in SPARQL Update:
> >>>>http://lists.w3.org/Archives/Public/public-rdf-dawg-comments/2011Aug/0010.html
> >>>
> >>>Obfuscated comments are not really a security risk.
> >>
> >>The problem is obfuscated DELETE statements, not obfuscated comments.
> >
> >I believe this whitepaper describes the security risk http://xkcd.com/327/
>
> :-) although it's blue-grey on my screen.
>
> SPARQL Query and SPARQL Update are separate languages. This is
> different to SQL.
>
> >The point is that in SPARQL 1.0, the grammar never "sees" xxx:Éire. You can sprinkle them where you like, but they are only useful for folks who are editing unicode in ascii, which is a small and shrinking use case.
>
> The grammar never "sees" xxx:\u00C9ire

confirming Andy's correction to my typo tx.

> The grammar accepts (as does Turtle) xxx:Éire
>
> Andy
>

--
-ericP
Received on Wednesday, 23 November 2011 15:17:50 UTC