[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: XMLinLua
- From: Matthew Wild <mwild1@...>
- Date: Wed, 4 Jul 2012 17:15:52 +0100
On 4 July 2012 16:46, Dirk Laurie <firstname.lastname@example.org> wrote:
>> bad input …. the result is probably not what the programmer intended.
> You're right, but is that a defect of my code or just an inconvenient
> truth also known as GIGO?
It's a defect in your code, if your code is meant to be taking
arbitrary input and generating valid XML.
It doesn't make sense to provide a library for generating a particular
data format, and then ask applications to do half of the work
themselves before they hand you their data.
You can choose the GIGO approach if you like, but the downsides are
numerous, compared to the more elegant solution that keeps the
escaping in a single place.
Manual XML escaping is somewhere in the same bucket as manual SQL
query parameter concatenation.