[oslc-core] OSLC Compact representation, titles with markup
Arthur Ryman
ryman at ca.ibm.com
Mon Aug 22 16:40:25 EDT 2011
Sam,
You wrote:
It's very difficult to parse the former using XPath. For instance, the
expression "/oslc:Compact/dcterms:title" takes out the "<s>" and "</s>"
I don't think problems using XPath are a valid reason to encode markup
since RDF/XML itselt is very difficult to process using XPath. At one
point we tried to define an OSLC-variant of RDF/XML that looked like
"normal" XML. However, we abandonned that and now require support for
generic RDF/XML.
The are many equivalent ways to represent a given set of triples in
RDF/XML. It would therefore be very problematic to use XPath, XSLT, or
XQuery to process RDF/XML. The safe way to process RDF/XML is to use an
RDF toolkit like Jena.
Regards,
___________________________________________________________________________
Arthur Ryman
DE, PPM Chief Architect
IBM Software, Rational
Toronto Lab | +1-905-413-3077
Twitter | Facebook | YouTube
From:
Samuel Padgett <spadgett at us.ibm.com>
To:
"oslc-core at open-services.net" <oslc-core at open-services.net>
Cc:
Adam Archer/Toronto/IBM at IBMCA, Randy Hudson <hudsonr at us.ibm.com>
Date:
08/07/2011 01:01 PM
Subject:
[oslc-core] OSLC Compact representation, titles with markup
Sent by:
oslc-core-bounces at open-services.net
I believe the spec is a bit confusing when it comes to titles with markup
for UI Preview.
The Compact representation has a dcterms:title property. It's defined as
an
XML Literal that can contain XHTML markup [1]. My understanding of XML
Literals as discussed in the RDF Primer [2] means a title with markup
would
look like this,
<dcterms:title>12345: <s>Null pointer exception during
startup</s></dcterms:title>
The example [3] of this resource has a title like this, however,
<dcterms:title> 12345: <s>Null pointer exception during
startup</s> </dcterms:title>
The example doesn't seem to fit with the description.
It's very difficult to parse the former using XPath. For instance, the
expression "/oslc:Compact/dcterms:title" takes out the "<s>" and "</s>"
Most implementations I'm aware also follow the example where markup is
encoded. It means special characters need to be "double encoded." For
instance, "12345: Values > 1000 incorrectly calculated" would be,
<dcterms:title>12345: Values > 1000 incorrectly
calculated</dcterms:title>
I think we should add more clarity to the spec here, as getting this wrong
can open up consumers to cross-site scripting attacks. I'd also suggest we
say that providers MUST NOT use any markup with a <script> tag and
consumer
MUST NOT display any markup with a <script> tag to guard against this
problem.
Best Regards,
Sam
[1]
http://open-services.net/bin/view/Main/OslcCoreUiPreview?sortcol=table;up=#Representation_Compact
[2] http://www.w3.org/TR/rdf-syntax/#xmlliterals
[3]
http://open-services.net/bin/view/Main/OslcCoreUiPreview?sortcol=table;up=#XML_Representation_Format
_______________________________________________
Oslc-Core mailing list
Oslc-Core at open-services.net
http://open-services.net/mailman/listinfo/oslc-core_open-services.net
More information about the Oslc-Core
mailing list