git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "H. Peter Anvin" <hpa@zytor.com>
To: Linus Torvalds <torvalds@osdl.org>
Cc: Ismail Donmez <ismail@uludag.org.tr>, git@vger.kernel.org
Subject: Re: Rss produced by git is not valid xml?
Date: Fri, 18 Nov 2005 12:55:29 -0800	[thread overview]
Message-ID: <437E3FC1.2040307@zytor.com> (raw)
In-Reply-To: <Pine.LNX.4.64.0511181237040.13959@g5.osdl.org>

Linus Torvalds wrote:
> 
> Which is a fine option. Latin-1 is probably the right choice for the 
> kernel, but not necessarily for other projects.
> 
> Another option is to just pass them through unmodified, and encourage the 
> XML parser to handle it. Anything that takes UTF-8 and doesn't have some 
> fallback to handle malformed input is basically buggy. It simply _will_ 
> happen occasionally, quite independently of git.  You can either give up, 
> or try to handle it. And giving up is always the wrong choice.
> 

Not necessarily.  If you can't guarantee that you won't do something 
that's bad for security, giving up is the only valid choice.

The problem, of course, comes into place when people write generic XML 
parsers -- or, for that matter, UTF-8 decoders -- and don't know what 
will happen to the data downstream.  Trying to make invalid data valid 
has the same problems as DWIM (after all, it *is* DWIM): if done on the 
wrong side of a security barrier it has unpredictable consequences.

Thus, making gitweb -- a producer application -- do the guessing is 
probably the right thing.

Sorry, Mr. Protocol; in this malware-infested world the old adage "be 
liberal in what you accept, conservative in what you send" unfortunately 
has had to be modified.

	-hpa

  reply	other threads:[~2005-11-18 20:55 UTC|newest]

Thread overview: 53+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-11-18 16:33 Rss produced by git is not valid xml? Ismail Donmez
2005-11-18 17:26 ` Ismail Donmez
2005-11-18 19:27   ` Ismail Donmez
2005-11-18 20:02     ` Kay Sievers
2005-11-18 20:08       ` Ismail Donmez
2005-11-18 20:22         ` Linus Torvalds
2005-11-18 20:28           ` H. Peter Anvin
2005-11-18 20:47             ` Linus Torvalds
2005-11-18 20:55               ` H. Peter Anvin [this message]
2005-11-18 20:51             ` Josef Weidendorfer
2005-11-18 21:01               ` Kay Sievers
2005-11-18 20:45           ` Ismail Donmez
2005-11-18 21:13             ` Linus Torvalds
2005-11-18 21:22               ` Ismail Donmez
2005-11-18 21:25             ` Junio C Hamano
2005-11-18 21:29               ` Ismail Donmez
2005-11-19  8:48                 ` Junio C Hamano
2005-11-18 20:55           ` Kay Sievers
2005-11-18 21:30             ` Linus Torvalds
2005-11-18 21:33               ` Ismail Donmez
2005-11-18 21:48               ` Linus Torvalds
2005-11-18 22:12                 ` H. Peter Anvin
2005-11-18 23:20                   ` Linus Torvalds
2005-11-18 23:34                     ` H. Peter Anvin
2005-11-18 23:53                       ` Andreas Ericsson
2005-11-19  1:22                         ` H. Peter Anvin
2005-11-19  8:49                           ` Andreas Ericsson
2005-11-19 10:58                             ` Johannes Schindelin
2005-11-18 23:57                       ` Linus Torvalds
2005-11-18 23:58                         ` H. Peter Anvin
2005-11-19  0:29                           ` Johannes Schindelin
2005-11-18 23:25                   ` Linus Torvalds
2005-11-19  0:34                     ` Johannes Schindelin
2005-11-19  0:37                     ` Junio C Hamano
2005-11-19  1:05                       ` Linus Torvalds
2005-11-19 10:31                         ` Junio C Hamano
2005-11-19 17:52                           ` Linus Torvalds
2005-11-20  1:16                             ` Johannes Schindelin
2005-11-20  3:10                               ` Linus Torvalds
2005-11-20  4:13                                 ` Johannes Schindelin
     [not found]                             ` <20051127025249.GA12286@vrfy.org>
2005-11-27  3:57                               ` Junio C Hamano
2005-11-27  4:13                                 ` Linus Torvalds
2005-11-28  0:39                                   ` [PATCH 2/3] mailinfo: allow -u to fall back on latin1 to utf8 conversion Junio C Hamano
2005-11-28  6:32                                     ` H. Peter Anvin
2005-11-28  9:21                                       ` Junio C Hamano
2005-11-27 16:18                                 ` Rss produced by git is not valid xml? Kay Sievers
2005-11-19  0:04       ` Johannes Schindelin
2005-11-20 18:28         ` H. Peter Anvin
2005-11-21  8:38           ` Johannes Schindelin
2005-11-21  9:28             ` H. Peter Anvin
2005-11-19  3:28       ` Junio C Hamano
2005-11-19  4:35         ` H. Peter Anvin
  -- strict thread matches above, loose matches on Subject: below --
2005-11-19  6:31 Marco Costalba

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=437E3FC1.2040307@zytor.com \
    --to=hpa@zytor.com \
    --cc=git@vger.kernel.org \
    --cc=ismail@uludag.org.tr \
    --cc=torvalds@osdl.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).