[CalendarServer-dev] Re: [CalendarServer-changes]
 CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.element. bas
cdaboo at apple.com
Fri Jan 19 14:03:52 PST 2007
--On January 19, 2007 1:38:06 PM -0800 Wilfredo Sánchez Vega
<wsanchez at wsanchez.net> wrote:
> What exactly is the issue with XML attributes? If they aren't in the
> allowed list, we should raise an error or something, no? Do we have to
> allow arbitrary unknown attributes to pass through?
Pretty much yes. The specific case here was an xml:lang attribute on
DAV:displayname which is perfectly fine. Arguably we could perhaps have
made xml:lang an allowed_attribute (optional) on WebDAVTextElement, but
maybe it could appear on some other type of element. BTW xml:space is
another attribute that can appear on text elements, though 2518bis says
that one MUST be ignored in terms of actual text processing. The point is
there could be other such xml:... attributes that are significant that we
should accept (be liberal in what you accept - with the proviso that it
does no harm).
The fact is WebDAV is very lax in its use of "strict" XML syntax. It really
ought to explicitly specify which elements can have an xml:lang (as
required by W3C) but it does not. 2518 section14 makes it clear that
servers must ignore unknown elements and I take that to also mean unknown
attributes. In fact if we take that literally we also ought to relax the
allowed_children behavior to allow unknown elements in.
BTW The XML validation stuff was one area that showed up as needing
performance improvement - there are a lot of calls to
WebDAVElement.__init__ when building up a large PROPFIND or REPORT
response. Arguably we could find a way to turn off validation for XML
generated by the server on the grounds that we know what we are doing
(though keep it for debugging) - but we definitely want validation of
incoming XML from the client.
More information about the calendarserver-dev