• (cs)

    Why not replace all ampersands with the the three characters AND ?!

    Or would that inhibit their ability to apply SQL queries to the XML string?

  • Null (unregistered)

    You obviously failed to read the article.

  • Fr3nchie (unregistered) in reply to ParkinT
    ParkinT:
    Why not replace all ampersands with the the three characters AND ?!
    If they could have done that, they also could have replaced all ampersands with the five characters "&".
  • (cs)

    I'll buy that for a &.

  • (cs)

    We once asked a customer to properly xmlencode special characters when sending over xml. This is what we got: <customer_name>Brandon & Sons</customer_name>

    :(

  • DonaldK (unregistered)

    I suppose before they change the &'s to $'s, they should change the $'s to something else... but they cannot change it to USD, so it'll have to be # (most likely), which will probably translate to the pound symbol... hahahaha.

    They're fixing the symptom not the root cause...

    Wait until they get other special characters like "ë" etc... they also sometimes throw off home-grown (and M$, I mean M& developed) XML parsers.

    But that's a problem for another day I guess...

  • Blue Leader (unregistered)

    Sweet. I'm naming my next company <FooCo/> -- I wonder how many XML apps will choke on that.

  • OneMist8k (unregistered)

    This WTF happens all the time at my company, except the trading partners say "We'll get right on it and fix it," but they never do.

  • anonymous_coder() (unregistered)

    I've torn out like 10 different ones in our codebase, all written differently. It seems like a rite of passage for crap programmers to try and reimplement an XML parser or generator. Badly.

    I actually had to do it because some of the homegrown solutions were bogging down the server... Yay XML::LibXML and Devel::NYTProf::Apache.

    My boss didn't believe me until I stepped through the profiling results with him.

  • Demo (unregistered)

    How about:

    • U+FE60 ﹠​ small ampersand
    • U+FF06 &​ fullwidth ampersand
    • U+214B ⅋​ inverted ampersand
  • (cs) in reply to Fr3nchie
    Fr3nchie:
    ParkinT:
    Why not replace all ampersands with the the three characters AND ?!
    If they could have done that, they also could have replaced all ampersands with the five characters "&".
    That's cool. But what about the infinite recursion problem when replacing the leading character in "&" with "&"? Did you think about that?
  • Old Crow T. Robot (unregistered)

    I hope his company isn't doing any business with Ke$ha's production company.

  • Andrei Rinea (unregistered)

    What if the content legitimately contains a dollar sign? Wouldn't that be wrongly converted to an ampersand? Bunch of losers..

  • Anon (unregistered)

    CDATA to the rescue!

  • (cs) in reply to DonaldK
    DonaldK:
    Wait until they get other special characters like "ë" etc...
    In theory, you can put things like that in an XML file without problems. As long as, in theory, the encoding is right.

    Anyway, seriously now. I don't understand why they didn't simply use a plus sign. Brandon + Sons sounds much more like Brandon & Sons than Brandon $ Sons. Doesn't it.

  • Anonymous Guy (unregistered)

    because you would never need $ as a real character right....

    awful

  • faoileag (unregistered) in reply to frits
    frits:
    Fr3nchie:
    ParkinT:
    Why not replace all ampersands with the the three characters AND ?!
    If they could have done that, they also could have replaced all ampersands with the five characters "&".
    That's cool. But what about the infinite recursion problem when replacing the leading character in "&" with "&"? Did you think about that?
    You don't like &&&&&&&&&&&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; constructs? CAPTCH: ingenium - a true ingenium way of handling &'s in XML
  • Hexadecima (unregistered) in reply to Old Crow T. Robot
    Old Crow T. Robot:
    I hope his company isn't doing any business with Ke$ha's production company.

    Hey, I just got off the phone with Micro&oft.

  • Mr Keith (unregistered)

    The next time they invoice for maintenance, send them a check payable in &

  • Andrew (unregistered) in reply to ParkinT
    ParkinT:
    Why not replace all ampersands with the the three characters AND ?!

    Or would that inhibit their ability to apply SQL queries to the XML string?

    If they could do multi-character replacement, then I choose "WTF".

  • (cs)

    The only proper way out of this mess is to change the name of the customer.

  • (cs)

    Instead of replacing the ampersand, try replacing the vendor.

  • (cs)

    They're changing all the longs to strings?!

  • Laurent (unregistered) in reply to ParkinT
    ParkinT:
    Why not replace all ampersands with the the three characters AND ?!

    Because the original string might not be in english ?

  • (cs) in reply to Anon
    Anon:
    CDATA to the rescue!
    Which is fine as long as your data doesn't contain the sequence “]]>”…
  • (cs)
    Long story short, it was absolutely impossible for them to do a multi-character replacement...
    Maybe it's written in C. I seem to recall that multi-character search-and-replace wasn't exactly a straightforward process.

    As for "absolutely impossible"... maybe for their programmers, it seems...

  • Nagesh (unregistered) 
    String Nagesh = "<customer_name>Brandon & Sons</customer_name>";
System.out.println("Substitution string = " + Nagesh.replace('&', '&');

    Test.java:4: unclosed character literal
                System.out.println("Substitution string = " + Nagesh.replace('&'
, '&');

  ^
  • (cs) in reply to frits
    frits:
    But what about the infinite recursion problem when replacing the leading character in "&" with "&"? Did you think about that?
    I'm pretty sure you'd replace the leading character in "&" with "
  • Noread (unregistered) in reply to Blue Leader
    Blue Leader:
    Sweet. I'm naming my next company <FooCo/> -- I wonder how many XML apps will choke on that.
    Why not go all the way and name your company <Foo]]>Co/>.
  • (cs) in reply to boog
    boog:
    frits:
    But what about the infinite recursion problem when replacing the leading character in "&" with "&"? Did you think about that?
    I'm pretty sure you'd replace the leading character in "&" with "
    You're lack of understanding of English Language syntax surprises me.
  • (cs)

    Sometimes the solution to the problem is so simple that nobody seems to notice. Why not ask Brandon & Sons to rename their business? I wouldn’t advise ‘Brandon $ Sons’, but ‘Brandon, Bart and Bobbie’ would be just fine.

  • Anon (unregistered) in reply to frits

    You're

    0/10 Try harder.

  • (cs)

    What if the content legitimately contains a dollar sign? Wouldn't that be wrongly converted to an ampersand? Bunch of losers..

  • Ben (unregistered)

    Infinite recursion of replacing & with &... unclosed character literals...

    Code trolls make me cry inside.

  • (cs)

    Our EDI team did exactly this to us a few years ago. We negotiated XML as an interchange format and in testing we started getting files with unescaped ampersands.

    Also, when we sent them data, they choked on all of our data. The hand-built test files had each element on a separate line, and our chose parser didn't add line breaks between elements. We were blamed for "changing the format".

    I sent them a link to the XML spec and they responded "we can't do all that". To this day, we exchange pseudo-XML with a pre-processor on our end.

  • Bob (unregistered) in reply to Andrei Rinea
    Andrei Rinea:
    What if the content legitimately contains a dollar sign? Wouldn't that be wrongly converted to an ampersand? Bunch of retards..
    Please attempt some sensitivity: I had a son who was retarded, and let me assure you it is no laughing matter.
  • (cs) in reply to frits
    frits:
    boog:
    frits:
    But what about the infinite recursion problem when replacing the leading character in "&" with "&"? Did you think about that?
    I'm pretty sure you'd replace the leading character in "&" with ".
    You're lack of understanding of English Language syntax surprises me.
    Your right, I forgot the period at the end of my sentence, silly me. Sorry.

    Sorry, everyone.

  • (cs) in reply to Bob
    Bob:
    Please attempt some sensitivity: I had a son who was retarded...
    Did he get better?
  • Smitt-Tay (unregistered)

    The real WTF is XML.

    The whole 'self-describing' thing is stupid, unnecessary, and nearly impossible to implement, so, avoid the hassle. Write data protocols which match your data, don't squeeze your data into a generic protocol.

  • (cs) in reply to boog
    boog:
    Bob:
    Please attempt some sensitivity: I had a son who was retarded...
    Did he get better?
    He probably got a job with this vendor.
  • (cs) in reply to Bob
    Bob:
    Please attempt some sensitivity: I had a son who was retarded, and let me assure you it is no laughing matter.
    Don't worry. He takes after his father.
  • Anon (unregistered) in reply to faoileag
    faoileag:
    frits:
    Fr3nchie:
    ParkinT:
    Why not replace all ampersands with the the three characters AND ?!
    If they could have done that, they also could have replaced all ampersands with the five characters "&".
    That's cool. But what about the infinite recursion problem when replacing the leading character in "&" with "&"? Did you think about that?
    You don't like &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; constructs?

    FTFY - but I guess that's expected from somebody who includes their CAPTCHA in their post.

  • (cs) in reply to Jaime
    Jaime:
    Our EDI team did exactly this to us a few years ago. We negotiated XML as an interchange format and in testing we started getting files with unescaped ampersands.

    Also, when we sent them data, they choked on all of our data. The hand-built test files had each element on a separate line, and our chose parser didn't add line breaks between elements. We were blamed for "changing the format".

    I sent them a link to the XML spec and they responded "we can't do all that". To this day, we exchange pseudo-XML with a pre-processor on our end.

    I knew I am not alone! Fnac (http://en.wikipedia.org/wiki/Fnac) does exactly this.

    Plus you cannot use shorthands like <field/> for an empty field.

  • (cs)

    One time I work on request to make sure that there are exact number of cariage return marks in an address field.

    That was big WTF. I send story to Alex, but it not published yet.

  • Joe (unregistered) in reply to Noread
    Noread:
    Blue Leader:
    Sweet. I'm naming my next company <FooCo/> -- I wonder how many XML apps will choke on that.
    Why not go all the way and name your company <Foo]]>Co/>.
    <Foo]]-->Co;/>'or 1=1;drop table customers

    And yes, we've all seen the XKCD reference, no need to repeat it.

    --Joe

  • acsi (unregistered) in reply to frits
    frits:
    Fr3nchie:
    ParkinT:
    Why not replace all ampersands with the the three characters AND ?!
    If they could have done that, they also could have replaced all ampersands with the five characters "&".
    That's cool. But what about the infinite recursion problem when replacing the leading character in "&" with "&"? Did you think about that?

    frits, you're high this morning

  • Ken B. (unregistered) in reply to Noread
    Noread:
    Blue Leader:
    Sweet. I'm naming my next company <FooCo/> -- I wonder how many XML apps will choke on that.
    Why not go all the way and name your company <Foo]]>Co/>.
    ITYM ]]><![CDATA[</b>. And, of course, Bobby Tables would be the CEO.
  • (cs)

    Another stupid XML one... HP's iLO technology that allows low-level management of servers (things like remotely power cycling a hung server) has an XML based communications protocol. However, the response to any command is formatted like this:

    <RIBCL VERSION="2.22"/> ... stuff ... </RIBCL>

    So, it's not possible to parse the response with any XML parser.

    It also occasionally returns multiple complete XML documents, complete with an XML directive for each. Example:

    <?xml version="1.0"?>

    ... result 1 ...

    <?xml version="1.0"?>

    ... result 2 ...

  • Ken B. (unregistered) in reply to boog
    boog:
    Your right, I forgot the period at the end of my sentence, silly me. Sorry.
    Yes, you're supposed to have the period placed so that it's on your right, not my right.
  • (cs) in reply to acsi
    acsi:
    frits:
    Fr3nchie:
    ParkinT:
    Why not replace all ampersands with the the three characters AND ?!
    If they could have done that, they also could have replaced all ampersands with the five characters "&".
    That's cool. But what about the infinite recursion problem when replacing the leading character in "&" with "&"? Did you think about that?

    frits, you're high this morning

    Right, because I totally meant that, Captchaman.

Leave a comment on “The XML Escape”

Log In or post as a guest

Replying to comment #371660:

Log Out

« Return to Article