
7433 Re: [RSS-DEV] CDATA the title and description?

  • Jon Hanna
    May 27, 2007
      Clinton Gallagher wrote:
      > So it seems to be a general consensus that CDATA within the title and the
      > description is widely supported at this point in time as a means to allow
      > users to submit data such as the word AT&T in a title or description? What
      > are the generally accepted pitfalls of using CDATA?

      It's pretty depressing that "widely supported" can even be talked about
      in this case. It's 9 years since XML became a recommendation. There are
      kids out there younger than XML that understand CDATA, and some of the
      parsers don't. :(

      Anyway the biggest pitfall I can see with CDATA at the author's side is
      the belief that you can pass anything through without having to worry
      about escaping anything - there is the exception of the string "]]>".
      Now granted the string ]]> doesn't come up very much in normal
      conversation, but it certainly can come up in technical posts, etc. and
      of course Murphy's law applies - if there's a set of inputs that will
      cause failure someone will give you that set of inputs.

      As such you still have to do escaping with anything you are putting into
      a CDATA section so that ]]> gets replaced with ]]>]<![CDATA[]> (there
      are a couple of other workable equivalents).

      Personally, I tend to find it just as handy to escape & and < to &amp;
      and &lt; (and > to &gt; though in most cases that should be safe - but
      again there are parsers that may think differently) especially since I
      got into the habit of looking for those a long time ago when dealing
      with HTML (not to say I never ever overlook that those characters could
      be coming into a given piece of code, but I'm still well used to looking
      out for them and not for ]]>
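The two approaches discussed in the message above, as an added example that is not part of the original post: wrapping text in CDATA with the "]]>" replacement the message gives, next to plain entity escaping, each checked by parsing the result. The function names and the sample string are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample: a title containing "&", "<" and the sequence "]]>".
SAMPLE = "AT&T says: if (a[b[0]]>1) return x<y;"


def cdata_naive(text):
    # Wraps the text with no escaping at all. Works for "AT&T",
    # breaks as soon as the text itself contains "]]>".
    return "<![CDATA[" + text + "]]>"


def cdata_safe(text):
    # The replacement quoted in the message: end the section, emit one "]"
    # as ordinary character data, then reopen a section starting with "]>".
    return "<![CDATA[" + text.replace("]]>", "]]>]<![CDATA[]>") + "]]>"


def entity_escaped(text):
    # The alternative from the message: escape &, < and > as entities.
    return escape(text)


def roundtrip(payload):
    """Parse <title>payload</title> and return the text a consumer would
    see, or None when the document is not well-formed."""
    try:
        elem = ET.fromstring("<title>" + payload + "</title>")
    except ET.ParseError:
        return None
    return "".join(elem.itertext())


if __name__ == "__main__":
    for name, encode in (("naive CDATA", cdata_naive),
                         ("safe CDATA", cdata_safe),
                         ("entities", entity_escaped)):
        result = roundtrip(encode(SAMPLE))
        status = "not well-formed" if result is None else repr(result)
        print(f"{name:12} -> {status}")
```
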