7433Re: [RSS-DEV] CDATA the title and description?
- May 27, 2007Clinton Gallagher wrote:
> So it seems to be a general consensus that CDATA within the title and theIt's pretty depressing that "widely supported" can even be talked about
> description is widely supported at this point in time as a means to allow
> users to submit data such as the word AT&T in a title or description? What
> are the generally accepted pitfalls of using CDATA?
in this case. It's 9 years since XML became a recommendation. There are
kids out there younger than XML that understand CDATA, and some of the
parsers don't. :(
Anyway the biggest pitfall I can see with CDATA at the authors side is
the belief that you can pass anything through without having to worry
about escaping anything - there is the exception of the string "]]>".
Now granted the string ]]> doesn't come up very much in normal
conversation, but it certainly can come up in technical posts, etc. and
of course Murphy's law applies - if there's a set of inputs that will
cause failure someone will give you that set of inputs.
As such you still have to do escaping with anything you are putting into
a CDATA section so that ]]> gets replaced with ]]>]<![CDATA> (there
are a couple of other workable equivalents).
Personally, I tend to find it just as handy to escape & and < to &
and < (and > to > though in most cases that should be safe - but
again there are parsers that may think differently) especially since I
got into the habit of looking for those a long time ago when dealing
with HTML (not to say I never ever overlook that those characters could
be coming into a given piece of code, but I'm still well used to looking
out for them and not for ]]>
- << Previous post in topic Next post in topic >>