[OSM-dev] Restrict key names on order to retain reusability of OSM
Jochen Topf
jochen at remote.org
Tue Feb 12 14:20:33 GMT 2008
Hi!
I strongly support the use of UTF-8 in keys. We shouldn't restrict that
just to make it easier for programmers.
But, being a programmer myself, I know programmers are lazy. And while I
don't see problems with general Unicode characters, I do see problems
with special characters such as "=" (because we generally use it as delimiter
between key and value) and "<", ">", and quotes etc. They are special in
many databases, XML, HTML etc. and allowing them always sooner or later
breaks programs and, worse, creates security holes (SQL injection,
x-site-scripting, ...). Sure, they can be avoided if you take care, but
who does? (We already had a security problem because of a similar thing
a few weeks ago.)
So if anybody would propose to not allow some of these characters in
tag keys (or, for that matter, user names), I'd be in favour. On the
other hand, we must allow these in tag values anyway, so maybe its not
worth it.
Jochen
--
Jochen Topf jochen at remote.org http://www.remote.org/jochen/ +49-721-388298
More information about the dev
mailing list