Loading ...
Sorry, an error occurred while loading the content.
 

CDATA the title and description?

Expand Messages
  • Clinton Gallagher
    So it seems to be a general consensus that CDATA within the title and the description is widely supported at this point in time as a means to allow users to
    Message 1 of 4 , May 24 6:40 PM
      So it seems to be a general consensus that CDATA within the title and the
      description is widely supported at this point in time as a means to allow
      users to submit data such as the word AT&T in a title or description? What
      are the generally accepted pitfalls of using CDATA?

      <%= Clinton
    • Alan Dean
      ... This may be useful for you: http://www.therssweblog.com/?guid=20070522124846 Regards, Alan Dean http://thoughtpad.net/alan-dean
      Message 2 of 4 , May 24 8:03 PM
        On 5/25/07, Clinton Gallagher <csgallagher@...> wrote:
        >
        > So it seems to be a general consensus that CDATA within the title and the
        > description is widely supported at this point in time as a means to allow
        > users to submit data such as the word AT&T in a title or description? What
        > are the generally accepted pitfalls of using CDATA?

        This may be useful for you:

        http://www.therssweblog.com/?guid=20070522124846

        Regards,
        Alan Dean
        http://thoughtpad.net/alan-dean
      • Jon Hanna
        ... It s pretty depressing that widely supported can even be talked about in this case. It s 9 years since XML became a recommendation. There are kids out
        Message 3 of 4 , May 27 4:09 PM
          Clinton Gallagher wrote:
          > So it seems to be a general consensus that CDATA within the title and the
          > description is widely supported at this point in time as a means to allow
          > users to submit data such as the word AT&T in a title or description? What
          > are the generally accepted pitfalls of using CDATA?

          It's pretty depressing that "widely supported" can even be talked about
          in this case. It's 9 years since XML became a recommendation. There are
          kids out there younger than XML that understand CDATA, and some of the
          parsers don't. :(

          Anyway the biggest pitfall I can see with CDATA at the authors side is
          the belief that you can pass anything through without having to worry
          about escaping anything - there is the exception of the string "]]>".
          Now granted the string ]]> doesn't come up very much in normal
          conversation, but it certainly can come up in technical posts, etc. and
          of course Murphy's law applies - if there's a set of inputs that will
          cause failure someone will give you that set of inputs.

          As such you still have to do escaping with anything you are putting into
          a CDATA section so that ]]> gets replaced with ]]>]<![CDATA[]> (there
          are a couple of other workable equivalents).

          Personally, I tend to find it just as handy to escape & and < to &
          and < (and > to > though in most cases that should be safe - but
          again there are parsers that may think differently) especially since I
          got into the habit of looking for those a long time ago when dealing
          with HTML (not to say I never ever overlook that those characters could
          be coming into a given piece of code, but I'm still well used to looking
          out for them and not for ]]>
        • Clinton Gallagher
          ... Well Jon, I was thinking of using Regular Expressions to escape the characters but a couple of test cases with the latest IE, FF and OP browsers showed
          Message 4 of 4 , May 28 9:02 AM
            > > Clinton Gallagher wrote:
            > > So it seems to be a general consensus that CDATA within
            > > the title and the description is widely supported at this
            > > point in time...

            > Jon's 1st reply:
            > Personally, I tend to find it just as handy to escape & and <
            > to & and < (and > to > though in most cases that
            > should be safe ...

            Well Jon, I was thinking of using Regular Expressions to escape
            the characters but a couple of test cases with the latest IE,
            FF and OP browsers showed they do not parse the entities back
            to their respective text characters. What a dilemma!

            At the moment I'm considering doing nothing in the Title, using
            CDATA in the Description and disallow XML in all other elements.
          Your message has been successfully submitted and would be delivered to recipients shortly.