[OSM-dev] usernames, keys, and values

Anthony osm at inbox.org
Thu Oct 29 19:20:33 GMT 2009


On Thu, Oct 29, 2009 at 2:52 PM, Matt Amos <zerebubuth at gmail.com> wrote:
> sort of. the "spec" is just that the API talks XML, and we aim not to
> have any restrictions beyond that. so anything that's a valid XML
> character (http://www.w3.org/TR/REC-xml/#charsets) should be allowed
> in OSM.

[snip]

> yes, we should probably add a rails validation to stop people using
> those chars in their username (who needs a tab in their username
> anyway?)

I think I'm misreading something :).  How are these statements not
contradictory?

> the code, which is a bit opaque:
>
> delete "\000-\037", "^\011\012\015"
>
> says that it'll delete any char in the range 0-37 (octal), but not 11,
> 12 or 15. in ascii this corresponds to anything "less than" a space,
> but not tab, newline or carriage return. it should be (modulo bugs)
> the same as the XML valid character productions.

Ah!  Okay, I definitely misread that.

>> It would be a good idea to release an official spec on exactly what
>> characters are allowed in keys, values, and usernames.  Just
>> disallowing control characters (decimal value less than 32) altogether
>> would probably be the best.  But if the decision is made to allow
>> them, fine, they need to be handled properly.
>
> that's a good idea. i'll stick something up on the wiki - for
> reference i think the current "spec" is the XML valid character
> productions, although i can't think of any particular reason to keep
> \t, \n or \r:
>
> Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
>
> http://www.w3.org/TR/REC-xml/#NT-Char

Sounds good.  At least for keys and values.  Usernames (but not keys
and values) also disallow [\/;.,?], right?




More information about the dev mailing list