[CalendarServer-dev] Re: [CalendarServer-changes] [1064] CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.element.base.patch

Cyrus Daboo cdaboo at apple.com
Fri Jan 19 14:03:52 PST 2007

Hi Wilfredo,

--On January 19, 2007 1:38:06 PM -0800 Wilfredo Sánchez Vega 
<wsanchez at wsanchez.net> wrote:

>    What exactly is the issue with XML attributes?  If they aren't in the
> allowed list, we should raise an error or something, no?  Do we have to
> allow arbitrary unknown attributes to pass through?

Pretty much yes. The specific case here was an xml:lang attribute on 
DAV:displayname which is perfectly fine. Arguably we could perhaps have 
made xml:lang an allowed_attribute (optional) on WebDAVTextElement, but 
maybe it could appear on some other type of element. BTW xml:space is 
another attribute that can appear on text elements, though 2518bis says 
that one MUST be ignored in terms of actual text processing. The point is 
there could be other such xml:... attributes that are significant that we 
should accept (be liberal in what you accept - with the proviso that it 
does no harm).

The fact is WebDAV is very lax in its use of "strict" XML syntax. It really 
ought to explicitly specify which elements can have an xml:lang (as 
required by W3C) but it does not. 2518 section 14 makes it clear that 
servers must ignore unknown elements and I take that to also mean unknown 
attributes. In fact if we take that literally we also ought to relax the 
allowed_children behavior to allow unknown elements in.

BTW The XML validation stuff was one area that showed up as needing 
performance improvement - there are a lot of calls to 
WebDAVElement.__init__ when building up a large PROPFIND or REPORT 
response. Arguably we could find a way to turn off validation for XML 
generated by the server on the grounds that we know what we are doing 
(though keep it for debugging) - but we definitely want validation of 
incoming XML from the client.

Cyrus Daboo
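
Added example, not part of the original message and not CalendarServer or Twisted code: a sketch of the policy discussed above, where incoming client XML is still validated for required attributes, unknown attributes such as xml:lang pass through instead of raising, and server-built elements skip validation unless asked. The schema table, function names and sample documents are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET

XML_NS = "{http://www.w3.org/XML/1998/namespace}"
CALDAV = "{urn:ietf:params:xml:ns:caldav}"

# Hypothetical schema table: element tag -> {attribute name: required?}
ALLOWED_ATTRIBUTES = {
    "{DAV:}displayname": {},
    CALDAV + "comp-filter": {"name": True},
}

class ValidationError(ValueError):
    """Client XML is missing something the schema requires."""

def check_attributes(elem):
    """Return (known, passed_through); only a missing required attribute fails."""
    allowed = ALLOWED_ATTRIBUTES.get(elem.tag, {})
    for attr, required in allowed.items():
        if required and attr not in elem.attrib:
            raise ValidationError(f"{elem.tag}: missing attribute {attr!r}")
    known = {k: v for k, v in elem.attrib.items() if k in allowed}
    # xml:lang, xml:space and any other unknown attribute is kept, not rejected.
    extra = {k: v for k, v in elem.attrib.items() if k not in allowed}
    return known, extra

def parse_client_xml(text):
    """Incoming client XML is always validated, element by element."""
    root = ET.fromstring(text)
    return {e.tag: check_attributes(e) for e in root.iter()}

def build_element(tag, text=None, attrib=None, validate=False):
    """Server-generated XML: validation is off unless debugging asks for it."""
    elem = ET.Element(tag, attrib or {})
    elem.text = text
    if validate:
        check_attributes(elem)
    return elem

# Constructed sample requests.
SAMPLE_OK = ('<D:prop xmlns:D="DAV:"><D:displayname xml:lang="fr" x-custom="1">'
             'Agenda</D:displayname></D:prop>')
SAMPLE_BAD = '<C:comp-filter xmlns:C="urn:ietf:params:xml:ns:caldav" xml:lang="en"/>'
```
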
