Comment On The XML Escape

Why not replace all ampersands with the the three characters AND ?!

Or would that inhibit their ability to apply SQL queries to the XML string?

You obviously failed to read the article.

ParkinT:

Why not replace all ampersands with the the three characters AND ?!

If they could have done that, they also could have replaced all ampersands with the five characters "&".

I'll buy that for a &.

We once asked a customer to properly xmlencode special characters when sending over xml. This is what we got:
<customer_name>Brandon & Sons</customer_name>

:(

I suppose before they change the &'s to $'s, they should change the $'s to something else... but they cannot change it to USD, so it'll have to be # (most likely), which will probably translate to the pound symbol... hahahaha.

They're fixing the symptom not the root cause...

Wait until they get other special characters like "ë" etc... they also sometimes throw off home-grown (and M$, I mean M& developed) XML parsers.

But that's a problem for another day I guess...

Sweet. I'm naming my next company <FooCo/> -- I wonder how many XML apps will choke on that.

This WTF happens all the time at my company, except the trading partners say "We'll get right on it and fix it," but they never do.

I've torn out like 10 different ones in our codebase, all written differently. It seems like a rite of passage for crap programmers to try and reimplement an XML parser or generator. Badly.

I actually had to do it because some of the homegrown solutions were bogging down the server... Yay XML::LibXML and Devel::NYTProf::Apache.

My boss didn't believe me until I stepped through the profiling results with him.

How about:

* U+FE60 ﹠​ small ampersand
* U+FF06 ＆​ fullwidth ampersand
* U+214B ⅋​ inverted ampersand

Fr3nchie:

ParkinT:

Why not replace all ampersands with the the three characters AND ?!

If they could have done that, they also could have replaced all ampersands with the five characters "&amp;".

That's cool. But what about the infinite recursion problem when replacing the leading character in "&amp;" with "&amp;"? Did you think about that?

I hope his company isn't doing any business with Ke$ha's production company.

What if the content legitimately contains a dollar sign? Wouldn't that be wrongly converted to an ampersand? Bunch of losers..

CDATA to the rescue!

DonaldK:

Wait until they get other special characters like "ë" etc...

In theory, you can put things like that in an XML file without problems. As long as, in theory, the encoding is right.

Anyway, seriously now. I don't understand why they didn't simply use a plus sign. Brandon + Sons sounds much more like Brandon & Sons than Brandon $ Sons. Doesn't it.

because you would never need $ as a real character right....

awful

frits:

Fr3nchie:

ParkinT:

Why not replace all ampersands with the the three characters AND ?!

If they could have done that, they also could have replaced all ampersands with the five characters "&amp;".

That's cool. But what about the infinite recursion problem when replacing the leading character in "&amp;" with "&amp;"? Did you think about that?

You don't like &&&&&&&&&&&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; constructs?
CAPTCH: ingenium - a true ingenium way of handling &'s in XML

Old Crow T. Robot:

I hope his company isn't doing any business with Ke$ha's production company.

Hey, I just got off the phone with Micro&oft.

The next time they invoice for maintenance, send them a check payable in &

ParkinT:

Why not replace all ampersands with the the three characters AND ?!

Or would that inhibit their ability to apply SQL queries to the XML string?

If they could do multi-character replacement, then I choose "WTF".

The only proper way out of this mess is to change the name of the customer.

Instead of replacing the ampersand, try replacing the vendor.

They're changing all the longs to strings?!

ParkinT:

Why not replace all ampersands with the the three characters AND ?!

Because the original string might not be in english ?

Anon:

CDATA to the rescue!

Which is fine as long as your data doesn't contain the sequence “]]>”…

Long story short, it was absolutely impossible for them to do a multi-character replacement...

Maybe it's written in C. I seem to recall that multi-character search-and-replace wasn't exactly a straightforward process.

As for "absolutely impossible"... maybe for their programmers, it seems...

String Nagesh = "<customer_name>Brandon & Sons</customer_name>";

System.out.println("Substitution string = " + Nagesh.replace('&', '&amp;');

Test.java:4: unclosed character literal

                System.out.println("Substitution string = " + Nagesh.replace('&'

, '&');



  ^

frits:

But what about the infinite recursion problem when replacing the leading character in "&amp;" with "&amp;"? Did you think about that?

I'm pretty sure you'd replace the leading character in "&amp;" with &quot;

Blue Leader:

Sweet. I'm naming my next company <FooCo/> -- I wonder how many XML apps will choke on that.

Why not go all the way and name your company <Foo]]>Co/>.

boog:

frits:

But what about the infinite recursion problem when replacing the leading character in "&amp;" with "&amp;"? Did you think about that?

I'm pretty sure you'd replace the leading character in "&amp;" with &quot;

You're lack of understanding of English Language syntax surprises me.

Sometimes the solution to the problem is so simple that nobody seems to notice. Why not ask Brandon & Sons to rename their business? I wouldn’t advise ‘Brandon $ Sons’, but ‘Brandon, Bart and Bobbie’ would be just fine.

>You're

0/10
Try harder.

What if the content legitimately contains a dollar sign? Wouldn't that be wrongly converted to an ampersand? Bunch of losers..

Infinite recursion of replacing & with &amp;... unclosed character literals...

Code trolls make me cry inside.

Our EDI team did exactly this to us a few years ago. We negotiated XML as an interchange format and in testing we started getting files with unescaped ampersands.

Also, when we sent them data, they choked on all of our data. The hand-built test files had each element on a separate line, and our chose parser didn't add line breaks between elements. We were blamed for "changing the format".

I sent them a link to the XML spec and they responded "we can't do all that". To this day, we exchange pseudo-XML with a pre-processor on our end.

Andrei Rinea:

What if the content legitimately contains a dollar sign? Wouldn't that be wrongly converted to an ampersand? Bunch of retards..

Please attempt some sensitivity: I had a son who was retarded, and let me assure you it is no laughing matter.

frits:

boog:

frits:

But what about the infinite recursion problem when replacing the leading character in "&amp;" with "&amp;"? Did you think about that?

I'm pretty sure you'd replace the leading character in "&amp;" with &quot;.

You're lack of understanding of English Language syntax surprises me.

Your right, I forgot the period at the end of my sentence, silly me. Sorry.

Sorry, everyone.

Bob:

Please attempt some sensitivity: I had a son who was retarded...

Did he get better?

The real WTF is XML.

The whole 'self-describing' thing is stupid, unnecessary, and nearly impossible to implement, so, avoid the hassle. Write data protocols which match your data, don't squeeze your data into a generic protocol.

boog:

Bob:

Please attempt some sensitivity: I had a son who was retarded...

Did he get better?

He probably got a job with this vendor.

Bob:

Please attempt some sensitivity: I had a son who was retarded, and let me assure you it is no laughing matter.

Don't worry. He takes after his father.

faoileag:

frits:

Fr3nchie:

ParkinT:

Why not replace all ampersands with the the three characters AND ?!

If they could have done that, they also could have replaced all ampersands with the five characters "&amp;".

That's cool. But what about the infinite recursion problem when replacing the leading character in "&amp;" with "&amp;"? Did you think about that?

You don't like &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; constructs?

FTFY - but I guess that's expected from somebody who includes their CAPTCHA in their post.

Jaime:

Our EDI team did exactly this to us a few years ago. We negotiated XML as an interchange format and in testing we started getting files with unescaped ampersands.

Also, when we sent them data, they choked on all of our data. The hand-built test files had each element on a separate line, and our chose parser didn't add line breaks between elements. We were blamed for "changing the format".

I sent them a link to the XML spec and they responded "we can't do all that". To this day, we exchange pseudo-XML with a pre-processor on our end.

I knew I am not alone!
Fnac (http://en.wikipedia.org/wiki/Fnac) does exactly this.

Plus you cannot use shorthands like <field/> for an empty field.

One time I work on request to make sure that there are exact number of cariage return marks in an address field.

That was big WTF. I send story to Alex, but it not published yet.

Noread:

Blue Leader:

Sweet. I'm naming my next company <FooCo/> -- I wonder how many XML apps will choke on that.

Why not go all the way and name your company <Foo]]>Co/>.

<Foo]]-->Co;/>'or 1=1;drop table customers

And yes, we've all seen the XKCD reference, no need to repeat it.

--Joe

frits:

Fr3nchie:

ParkinT:

Why not replace all ampersands with the the three characters AND ?!

If they could have done that, they also could have replaced all ampersands with the five characters "&amp;".

That's cool. But what about the infinite recursion problem when replacing the leading character in "&amp;" with "&amp;"? Did you think about that?

frits, you're high this morning

Noread:

Blue Leader:

Sweet. I'm naming my next company <FooCo/> -- I wonder how many XML apps will choke on that.

Why not go all the way and name your company <Foo]]>Co/>.

ITYM ]]><![CDATA[. And, of course, Bobby Tables would be the CEO.

Another stupid XML one... HP's iLO technology that allows low-level management of servers (things like remotely power cycling a hung server) has an XML based communications protocol. However, the response to any command is formatted like this:

<RIBCL VERSION="2.22"/>
... stuff ...
</RIBCL>

So, it's not possible to parse the response with any XML parser.

It also occasionally returns multiple complete XML documents, complete with an XML directive for each. Example:

<?xml version="1.0"?>
... result 1 ...
<?xml version="1.0"?>
... result 2 ...

boog:

Your right, I forgot the period at the end of my sentence, silly me. Sorry.

Yes, you're supposed to have the period placed so that it's on your right, not my right.

acsi:

frits:

Fr3nchie:

ParkinT:

Why not replace all ampersands with the the three characters AND ?!

If they could have done that, they also could have replaced all ampersands with the five characters "&amp;".

That's cool. But what about the infinite recursion problem when replacing the leading character in "&amp;" with "&amp;"? Did you think about that?

frits, you're high this morning

Right, because I totally meant that, Captchaman.