[oslc-core] OSLC Compact representation, titles with markup
Arthur Ryman
ryman at ca.ibm.com
Mon Aug 22 16:55:36 EDT 2011
Randy,
I think example [3] is wrong. If the datatype is plain text then you
should not assume it contains encoded HTML. If you need to include markup
then you should use XML Literal datatype, and use XHTML content. This is
described in the core spec [4] which gives guidance for putting markup in
dcterms:title and dcterms:description.
[4]
http://open-services.net/bin/view/Main/OSLCCoreSpecAppendixA#Dublin_Core_Properties
Regards,
___________________________________________________________________________
Arthur Ryman
DE, PPM Chief Architect
IBM Software, Rational
Toronto Lab | +1-905-413-3077
Twitter | Facebook | YouTube
From:
Randy Hudson <hudsonr at us.ibm.com>
To:
Samuel Padgett <spadgett at us.ibm.com>, Steve K Speicher
<sspeiche at us.ibm.com>
Cc:
Adam Archer/Toronto/IBM at IBMCA, "oslc-core at open-services.net"
<oslc-core at open-services.net>
Date:
08/08/2011 11:54 AM
Subject:
Re: [oslc-core] OSLC Compact representation, titles with markup
Sent by:
oslc-core-bounces at open-services.net
Sam,
I agree that the spec needs to be more clear, but I don't agree with your
interpretation of the current spec.
If the spec says that a property's value is of type "string", then to
persist the string "<foo>" in XML+RDF, you must escape that string as
"<foo>" in the raw XML. It's my understanding (and I could be
wrong)
that this is true of any data type, including XML Literal. So if the
title's value were "<b>foo</b>", persisting that value to XML+RDF would
require escaping characters like '<'. Persisting that same value using
another format, like N3, maybe wouldn't require the same characters to be
escaped.
I have some suggested changes that I'll get to in a future email, but can
we first agree that the current spec's example does in fact agree with the
current spec? I think it's important that we all start on the same page
before we write the next one :-)
-Randy
|------------>
| From: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|Samuel Padgett/Durham/IBM |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| To: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|oslc-core at open-services.net <oslc-core at open-services.net> |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Cc: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|Randy Hudson/Raleigh/IBM at IBMUS, Adam Archer/Toronto/IBM at IBMCA
|
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Date: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|08/07/2011 01:06 PM |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Subject: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|OSLC Compact representation, titles with markup |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
Small correction, that first example should be,
<dcterms:title rdf:parseType="Literal">12345: <s>Null pointer exception
during startup</s></dcterms:title>
- Sam
__________________
I believe the spec is a bit confusing when it comes to titles with markup
for UI Preview.
The Compact representation has a dcterms:title property. It's defined as
an
XML Literal that can contain XHTML markup [1]. My understanding of XML
Literals as discussed in the RDF Primer [2] means a title with markup
would
look like this,
<dcterms:title>12345: <s>Null pointer exception during
startup</s></dcterms:title>
The example [3] of this resource has a title like this, however,
<dcterms:title> 12345: <s>Null pointer exception during
startup</s> </dcterms:title>
The example doesn't seem to fit with the description.
It's very difficult to parse the former using XPath. For instance, the
expression "/oslc:Compact/dcterms:title" takes out the "<s>" and "</s>"
Most implementations I'm aware also follow the example where markup is
encoded. It means special characters need to be "double encoded." For
instance, "12345: Values > 1000 incorrectly calculated" would be,
<dcterms:title>12345: Values > 1000 incorrectly
calculated</dcterms:title>
I think we should add more clarity to the spec here, as getting this wrong
can open up consumers to cross-site scripting attacks. I'd also suggest we
say that providers MUST NOT use any markup with a <script> tag and
consumer
MUST NOT display any markup with a <script> tag to guard against this
problem.
Best Regards,
Sam
[1]
http://open-services.net/bin/view/Main/OslcCoreUiPreview?sortcol=table;up=#Representation_Compact
[2] http://www.w3.org/TR/rdf-syntax/#xmlliterals
[3]
http://open-services.net/bin/view/Main/OslcCoreUiPreview?sortcol=table;up=#XML_Representation_Format
_______________________________________________
Oslc-Core mailing list
Oslc-Core at open-services.net
http://open-services.net/mailman/listinfo/oslc-core_open-services.net
More information about the Oslc-Core
mailing list