[oslc-core] OSLC Compact representation, titles with markup

Randy Hudson hudsonr at us.ibm.com
Tue Aug 23 10:36:19 EDT 2011


I don't think the value's datatype is the same as the parseType.  The data
is [X]HTML, no matter what.  It is typically encoded, because that's the
way you store a value in XML, and as long as you follow standard XML
practice, using XPath to extract it has been pretty straightforward.  For
better or worse, RDF/XML supports the use of parseType, but many OSLC
consumers out there today are not going to handle documents that chose to
use parseType.

Also, the value really needs to be a snippet of HTML, not XHTML.  Existing
consumers are taking the value as if it were HTML and putting (after
sanitizing) it directly in an existing HTML page.  I'm sure there would be
problems consuming an XHTML snippet, for example, one that chose to assign
the XHTML to a non-default namespace.

FWIW, there are other places where OSLC deviates from what RDF/XML allows.
e.g., requiring the use of absolute URIs.

-Randy



|------------>
| From:      |
|------------>
  >--------------------------------------------------------------------------------------------------------------------------------------------------|
  |Arthur Ryman <ryman at ca.ibm.com>                                                                                                                   |
  >--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| To:        |
|------------>
  >--------------------------------------------------------------------------------------------------------------------------------------------------|
  |Randy Hudson/Raleigh/IBM at IBMUS                                                                                                                    |
  >--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Cc:        |
|------------>
  >--------------------------------------------------------------------------------------------------------------------------------------------------|
  |Adam Archer <agarcher at ca.ibm.com>, "oslc-core at open-services.net" <oslc-core at open-services.net>, oslc-core-bounces at open-services.net, Samuel       |
  |Padgett/Durham/IBM at IBMUS, Steve K Speicher/Raleigh/IBM at IBMUS                                                                                      |
  >--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Date:      |
|------------>
  >--------------------------------------------------------------------------------------------------------------------------------------------------|
  |08/22/2011 04:55 PM                                                                                                                               |
  >--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Subject:   |
|------------>
  >--------------------------------------------------------------------------------------------------------------------------------------------------|
  |Re: [oslc-core] OSLC Compact representation, titles with markup                                                                                   |
  >--------------------------------------------------------------------------------------------------------------------------------------------------|





Randy,

I think example [3] is wrong. If the datatype is plain text then you
should not assume it contains encoded HTML. If you need to include markup
then you should use XML Literal datatype, and use XHTML content. This is
described in the core spec [4] which gives guidance for putting markup in
dcterms:title and dcterms:description.

[4]
http://open-services.net/bin/view/Main/OSLCCoreSpecAppendixA#Dublin_Core_Properties


Regards,
___________________________________________________________________________


Arthur Ryman


DE, PPM Chief Architect

IBM Software, Rational

Toronto Lab | +1-905-413-3077
Twitter | Facebook | YouTube







From:
Randy Hudson <hudsonr at us.ibm.com>
To:
Samuel Padgett <spadgett at us.ibm.com>, Steve K Speicher
<sspeiche at us.ibm.com>
Cc:
Adam Archer/Toronto/IBM at IBMCA, "oslc-core at open-services.net"
<oslc-core at open-services.net>
Date:
08/08/2011 11:54 AM
Subject:
Re: [oslc-core] OSLC Compact representation, titles with markup
Sent by:
oslc-core-bounces at open-services.net



Sam,

I agree that the spec needs to be more clear, but I don't agree with your
interpretation of the current spec.

If the spec says that a property's value is of type "string", then to
persist the string "<foo>" in XML+RDF, you must escape that string as
"<foo>" in the raw XML.  It's my understanding (and I could be
wrong)
that this is true of any data type, including XML Literal.  So if the
title's value were "<b>foo</b>", persisting that value to XML+RDF would
require escaping characters like '<'.  Persisting that same value using
another format, like N3, maybe wouldn't require the same characters to be
escaped.

I have some suggested changes that I'll get to in a future email, but can
we first agree that the current spec's example does in fact agree with the
current spec?  I think it's important that we all start on the same page
before we write the next one :-)

-Randy


|------------>
| From:      |
|------------>

>--------------------------------------------------------------------------------------------------------------------------------------------------|

  |Samuel Padgett/Durham/IBM                              |

>--------------------------------------------------------------------------------------------------------------------------------------------------|

|------------>
| To:        |
|------------>

>--------------------------------------------------------------------------------------------------------------------------------------------------|

  |oslc-core at open-services.net <oslc-core at open-services.net>            |

>--------------------------------------------------------------------------------------------------------------------------------------------------|

|------------>
| Cc:        |
|------------>

>--------------------------------------------------------------------------------------------------------------------------------------------------|

  |Randy Hudson/Raleigh/IBM at IBMUS, Adam Archer/Toronto/IBM at IBMCA
                   |

>--------------------------------------------------------------------------------------------------------------------------------------------------|

|------------>
| Date:      |
|------------>

>--------------------------------------------------------------------------------------------------------------------------------------------------|

  |08/07/2011 01:06 PM                        |

>--------------------------------------------------------------------------------------------------------------------------------------------------|

|------------>
| Subject:   |
|------------>

>--------------------------------------------------------------------------------------------------------------------------------------------------|

  |OSLC Compact representation, titles with markup         |

>--------------------------------------------------------------------------------------------------------------------------------------------------|





Small correction, that first example should be,

  <dcterms:title rdf:parseType="Literal">12345: <s>Null pointer exception
during startup</s></dcterms:title>

- Sam


__________________

I believe the spec is a bit confusing when it comes to titles with markup
for UI Preview.

The Compact representation has a dcterms:title property. It's defined as
an
XML Literal that can contain XHTML markup [1]. My understanding of XML
Literals as discussed in the RDF Primer [2] means a title with markup
would
look like this,

  <dcterms:title>12345: <s>Null pointer exception during
startup</s></dcterms:title>

The example [3] of this resource has a title like this, however,

  <dcterms:title> 12345: <s>Null pointer exception during
startup</s> </dcterms:title>

The example doesn't seem to fit with the description.

It's very difficult to parse the former using XPath. For instance, the
expression "/oslc:Compact/dcterms:title" takes out the "<s>" and "</s>"
Most implementations I'm aware also follow the example where markup is
encoded. It means special characters need to be "double encoded." For
instance, "12345: Values > 1000 incorrectly calculated" would be,

  <dcterms:title>12345: Values &gt; 1000 incorrectly
calculated</dcterms:title>

I think we should add more clarity to the spec here, as getting this wrong
can open up consumers to cross-site scripting attacks. I'd also suggest we
say that providers MUST NOT use any markup with a <script> tag and
consumer
MUST NOT display any markup with a <script> tag to guard against this
problem.

Best Regards,
Sam


[1]
http://open-services.net/bin/view/Main/OslcCoreUiPreview?sortcol=table;up=#Representation_Compact


[2] http://www.w3.org/TR/rdf-syntax/#xmlliterals
[3]
http://open-services.net/bin/view/Main/OslcCoreUiPreview?sortcol=table;up=#XML_Representation_Format




_______________________________________________
Oslc-Core mailing list
Oslc-Core at open-services.net
http://open-services.net/mailman/listinfo/oslc-core_open-services.net








More information about the Oslc-Core mailing list