|
Re: [RSS-DEV] CDATA the title and description?
Clinton Gallagher wrote:
> So it seems to be a general consensus that CDATA within the title and the
> description is widely supported at this point in time as a means to allow
> users to submit data such as the word AT&T in a title or description? What
> are the generally accepted pitfalls of using CDATA?
It's pretty depressing that "widely supported" can even be talked about
in this case. It's 9 years since XML became a recommendation. There are
kids out there younger than XML that understand CDATA, and some of the
parsers don't. :(
Anyway the biggest pitfall I can see with CDATA at the authors side is
the belief that you can pass anything through without having to worry
about escaping anything - there is the exception of the string "]]>".
Now granted the string ]]> doesn't come up very much in normal
conversation, but it certainly can come up in technical posts, etc. and
of course Murphy's law applies - if there's a set of inputs that will
cause failure someone will give you that set of inputs.
As such you still have to do escaping with anything you are putting into
a CDATA section so that ]]> gets replaced with ]]>]<![CDATA[]> (there
are a couple of other workable equivalents).
Personally, I tend to find it just as handy to escape & and < to &
and < (and > to > though in most cases that should be safe - but
again there are parsers that may think differently) especially since I
got into the habit of looking for those a long time ago when dealing
with HTML (not to say I never ever overlook that those characters could
be coming into a given piece of code, but I'm still well used to looking
out for them and not for ]]>
|
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
Online Now 
Send Email
