LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LWN.net Weekly Edition for November 20, 2008

MinGW and why Linux users should care

LWN.net Weekly Edition for November 13, 2008

NLUUG/ELCE: Embedded devices and free software

The sad story of the em28xx driver

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

One more fly in the quoting ointment

One more fly in the quoting ointment

Posted Oct 24, 2005 14:00 UTC (Mon) by Max.Hyre (subscriber, #1054)
In reply to: One more reason not to use XML by Zarathustra
Parent article: Small company makes big claims on XML patents (ZDNet)

[A] ' character inside the string is represented by ''. Eg., "it's easy" becomes 'it''s easy'. And you don't need any other escaping or quoting

I'm not understanding something here. Using this quoting style, She said "it's easy". becomes 'She said "it"s easy".'. Run that through the de-quoting algorithm.

There's simply no way to delimit random text without being able to escape the delimiter somehow. Even MIME's mechanism has a greater than zero chance of failure. (Admittedly, it's something like 10**-1000000000 [that's a billion*] or less.) As a HW engineer colleague says: The question isn't ``Does it work?'', but rather ``Can it fail?''.

*Or a thousand million, for my British readers :-)

(Log in to post comments)

One more fly in the quoting ointment

Posted Oct 24, 2005 18:18 UTC (Mon) by zblaxell (subscriber, #26385) [Link]

Beware evil fonts. "It''s easy" != 'It"s easy'. One is a string of length 10, with two ticks, the other a string of length 9, with one quote. They look obviously different in my mail client when I got the LWN comment notification, but they look exactly the same in my browser window.

MIME's mechanism has a >0 chance of failure, but if implemented correctly it has a much lower chance of failure than the chance of randomly guessing someone's GPG session key (defeating privacy) and finding an SHA1 collision (defeating authentication). Undetected CRC errors or rotting RAM bits are many orders of magnitude more likely to mangle the message.

If you absolutely must avoid failure, a MIME encoder can always hide the delimiter string using quoted-printable encoding (I've seen some encoders transform 'From ' into '=46rom ' at the beginning of some paragraphs to avoid another infamous email delimiter string), or read the entire string in advance and search for a delimiter that doesn't appear within it.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds