W3C home > Mailing lists > Public > xml-dist-app@w3.org > October 2000

RE: Issues with Packaging Application Payloads

From: Bob Cunnings <cunnings@lectrosonics.com>
Date: Thu, 19 Oct 2000 10:12:04 -0700
Message-Id: <200010191612.KAA07918@lectrosonics.com>
To: xml-dist-app@w3.org
Mark:

We do the same thing here, except that I don't bother with the escapement of '>'.
Escaping '<' and '&' is sufficient (Am I wrong here?). This behavior is built into 
the SOAP processor itself in our implementation. However, I view this approach 
as much less than perfect. The overhead of scanning a string for '<' and '&' and 
making substitutions is not inconsiderable.

RC

Mark Hughes wrote:

  Then there's #4, the *RIGHT WAY* to do this, which is:
A) Before inserting your arbitrary text into your XML wrapper, run it
through a filter that replaces & with &amp;, < with &lt;, and > with &gt;.
B) Before handing arbitrary text back to the user, run it through a filter
that replaces &lt; with <, &gt; with >, and &amp; with &.

  Voila, the problem is solved.  You don't have the byte bloat of base64,
you don't have the limitation of not including ]]> in CDATA, and you don't
have to mess up validation.

  XML is 8-bit clean (through UTF-8/16), so you can even send binary this
way (though admittedly, at 50% bloat for 128-255, as compared to the 33%
bloat of base64).

  It's easy.  It's nigh-perfect.  Why would anyone NOT do this?
Received on Thursday, 19 October 2000 12:12:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:58:57 GMT