>Archive Index
>microsoft.public.xml Archive Home
>Recent entries

>Thread Prev - Re: Questions about character entities in XML and PCI security compliance
>Thread Next - Re: Questions about character entities in XML and PCI security compliance

Re: Questions about character entities in XML and PCI security compliance

From: Peter Flynn <peter.nosp@-.--------.-->
To: NULL
Date: 8/8/2008 11:49:00 PM

Joe Fawcett wrote:
[snip]
> Well we have similar files and I've never seen that happen. As you say 
> they seem to be escaping twice. In my opinion they're wrong but I'd need 
> to know their process etc.

I would suspect they are not used to dealing with XML, and have been 
told by some less-than-well-informed person that "you always have to do 
this with those funny characters in web pages". But as Joe says, without 
knowing their process it's hard to be sure.

What *is* sure is that they are wrong to do this. The file when 
decrypted should be the file that was encrypted. They have corrupted it, 
and they must stop doing that.

> Pragmatically you may need to un-escape once before treating the file as 
> XML.

That may not be possible if parts of the document already use numeric 
character references or the &amp;amp; escapement for other reasons (eg 
in CDATA sections). But with luck you may just be able to reconvert it 
until your hosting bods fix the bug.

///Peter

>Thread Prev - Re: Questions about character entities in XML and PCI security compliance
>Thread Next - Re: Questions about character entities in XML and PCI security compliance

>Archive Index
>microsoft.public.xml Archive Home
>Recent entries

Altova Mailing List Archives

Re: Questions about character entities in XML and PCI security compliance