- From: Andy Seaborne <andy.seaborne@epimorphics.com>
- Date: Wed, 23 Nov 2011 14:58:46 +0000
- To: Eric Prud'hommeaux <eric@w3.org>
- CC: Richard Cyganiak <richard@cyganiak.de>, Gavin Carothers <gavin@carothers.name>, RDF-WG <public-rdf-wg@w3.org>
On 23/11/11 14:50, Éric Prud'hommeaux wrote:
> * Richard Cyganiak<richard@cyganiak.de> [2011-11-23 13:36+0000]
>> On 23 Nov 2011, at 01:20, Gavin Carothers wrote:
>>>> I would argue that SPARQL is changing to avoid a security risk in SPARQL Update:
>>>> http://lists.w3.org/Archives/Public/public-rdf-dawg-comments/2011Aug/0010.html
>>>
>>> Obfuscated comments are not really a security risk.
>>
>> The problem is obfuscated DELETE statements, not obfuscated comments.
>
> I believe this whitepaper describes the security risk http://xkcd.com/327/

:-) although it's blue-grey on my screen.

SPARQL Query and SPARQL Update are separate languages. This is different to SQL.

> The point is that in SPARQL 1.0, the grammar never "sees" xxx:Éire. You can sprinkle them where you like, but they are only useful for folks who are editing unicode in ascii, which is a small and shrinking use case.

The grammar never "sees"
xxx:\u00C9ire

The grammar accepts (as does Turtle)
xxx:Éire

Andy
Received on Wednesday, 23 November 2011 14:59:22 UTC
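
Added example, not part of the original message or of any SPARQL implementation: a sketch of why a filter that inspects request text has to decode `\uXXXX` / `\UXXXXXXXX` codepoint escapes first when the processor decodes them before the grammar runs, as discussed above for SPARQL 1.0. The function names, the keyword list and both sample strings are constructed for illustration.

```python
import re

# Codepoint escapes: \uXXXX (4 hex digits) or \UXXXXXXXX (8 hex digits).
ESCAPE = re.compile(r"\\u([0-9A-Fa-f]{4})|\\U([0-9A-Fa-f]{8})")

# Update keywords an inspection layer might look for (illustrative subset).
UPDATE_KEYWORDS = re.compile(r"\b(DELETE|INSERT|DROP|CLEAR|LOAD)\b", re.IGNORECASE)


def decode_codepoint_escapes(text):
    """Replace codepoint escapes anywhere in the text, as a pre-parse pass does."""
    def repl(match):
        codepoint = int(match.group(1) or match.group(2), 16)
        if codepoint > 0x10FFFF or 0xD800 <= codepoint <= 0xDFFF:
            raise ValueError("invalid codepoint escape: " + match.group(0))
        return chr(codepoint)
    return ESCAPE.sub(repl, text)


def update_keywords(text):
    """Return the sorted set of update keywords visible in the text."""
    return sorted({m.group(1).upper() for m in UPDATE_KEYWORDS.finditer(text)})


def inspect(request):
    """Compare what a filter sees in the raw text with what the grammar receives."""
    normalized = decode_codepoint_escapes(request)
    return {
        "raw": update_keywords(request),
        "normalized": update_keywords(normalized),
        "escapes_changed_text": normalized != request,
    }


# Constructed samples. The first uses the prefixed name from the message.
SAMPLE_QUERY = r"SELECT * WHERE { ?s ?p xxx:\u00C9ire }"
SAMPLE_UPDATE = r"\u0044ELETE WHERE { ?s ?p ?o }"

if __name__ == "__main__":
    for sample in (SAMPLE_QUERY, SAMPLE_UPDATE):
        print(sample, "->", inspect(sample))
```

A check that only reads the `raw` result misses the keyword in the second sample; the `normalized` result is the text the grammar actually parses.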