[oslc-core] OSLC Compact representation, titles with markup

Arthur Ryman ryman at ca.ibm.com
Mon Aug 22 16:40:25 EDT 2011


Sam,

You wrote:

It's very difficult to parse the former using XPath. For instance, the
expression "/oslc:Compact/dcterms:title" takes out the "<s>" and "</s>"

I don't think problems using XPath are a valid reason to encode markup 
since RDF/XML itself is very difficult to process using XPath. At one 
point we tried to define an OSLC-variant of RDF/XML that looked like 
"normal" XML. However, we abandoned that and now require support for 
generic RDF/XML.

There are many equivalent ways to represent a given set of triples in 
RDF/XML. It would therefore be very problematic to use XPath, XSLT, or 
XQuery to process RDF/XML. The safe way to process RDF/XML is to use an 
RDF toolkit like Jena.

Regards, 
___________________________________________________________________________ 

Arthur Ryman 


DE, PPM Chief Architect

IBM Software, Rational 

Toronto Lab | +1-905-413-3077 

From: Samuel Padgett <spadgett at us.ibm.com>
To: "oslc-core at open-services.net" <oslc-core at open-services.net>
Cc: Adam Archer/Toronto/IBM at IBMCA, Randy Hudson <hudsonr at us.ibm.com>
Date: 08/07/2011 01:01 PM
Subject: [oslc-core] OSLC Compact representation, titles with markup
Sent by: oslc-core-bounces at open-services.net




I believe the spec is a bit confusing when it comes to titles with markup
for UI Preview.

The Compact representation has a dcterms:title property. It's defined as an
XML Literal that can contain XHTML markup [1]. My understanding of XML
Literals as discussed in the RDF Primer [2] means a title with markup would
look like this,

  <dcterms:title>12345: <s>Null pointer exception during startup</s></dcterms:title>

The example [3] of this resource has a title like this, however,

  <dcterms:title> 12345: &lt;s&gt;Null pointer exception during startup&lt;/s&gt; </dcterms:title>

The example doesn't seem to fit with the description.

It's very difficult to parse the former using XPath. For instance, the
expression "/oslc:Compact/dcterms:title" takes out the "<s>" and "</s>".
Most implementations I'm aware of also follow the example where markup is
encoded. It means special characters need to be "double encoded." For
instance, "12345: Values > 1000 incorrectly calculated" would be,

  <dcterms:title>12345: Values &amp;gt; 1000 incorrectly calculated</dcterms:title>

I think we should add more clarity to the spec here, as getting this wrong
can open up consumers to cross-site scripting attacks. I'd also suggest we
say that providers MUST NOT use any markup with a <script> tag and consumers
MUST NOT display any markup with a <script> tag to guard against this
problem.

Best Regards,
Sam


[1] http://open-services.net/bin/view/Main/OslcCoreUiPreview?sortcol=table;up=#Representation_Compact
[2] http://www.w3.org/TR/rdf-syntax/#xmlliterals
[3] http://open-services.net/bin/view/Main/OslcCoreUiPreview?sortcol=table;up=#XML_Representation_Format
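
Added example (not part of the original messages or of the OSLC specification): a consumer can pass the dcterms:title string it obtains from its RDF toolkit through a tag allowlist before display, instead of only rejecting <script>. The allowlist contents and the names TitleSanitizer and sanitize_title are assumptions made for this illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumption: the inline tags this consumer is willing to render in a title.
ALLOWED_TAGS = {"b", "i", "em", "strong", "s", "sub", "sup"}
DROP_CONTENT = {"script", "style"}  # tag and everything inside it is dropped


class TitleSanitizer(HTMLParser):
    """Re-serialize title markup, keeping only attribute-free allowlisted tags."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip_depth = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        elif tag in ALLOWED_TAGS and not self.skip_depth:
            self.out.append(f"<{tag}>")  # attributes are never copied
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in self.open_tags and not self.skip_depth:
            while self.open_tags:  # close inner tags first to stay balanced
                inner = self.open_tags.pop()
                self.out.append(f"</{inner}>")
                if inner == tag:
                    break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=True))  # text is re-escaped

    def result(self):
        self.close()  # flush buffered text
        while self.open_tags:
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_title(markup):
    """markup: title string after the RDF toolkit has decoded the XML layer."""
    parser = TitleSanitizer()
    parser.feed(markup)
    return parser.result()
```

Tags outside the allowlist are dropped while their text is kept, so a title never gains markup the consumer did not choose to render.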


