The first 32 Unicode characters with code points 0 to 31 are known as the C0 controls. They were originally defined in ASCII to control teletypes and other monospace dumb terminals. Aside from the tab, carriage return, and line feed they have no obvious meaning in text. Since XML is text, it does not include binary characters such as NULL (#x00), BEL (#x07), DC1 (#x11) through DC4 (#x14), and so forth. These noncharacters are historic relics. XML 1.0 does not allow them.<\/p>\n
This is a good thing. Although dumb terminals and binary-hostile gateways are far less common today than they were twenty years ago, they are still used, and passing these characters through equipment that expects to see plain text can have nasty consequences, including disabling the screen.<\/p><\/blockquote>\n
Further, since these characters are undefined in XML, they are unlikely to work well with existing accessibility interfaces and devices. At best these characters will be ignored and introduce subtle errors. For example, what does \u201c$10,[BS]000\u201d become if one system processes the backspace and another does not? Worst case, the accessibility interface expecting a certain range of characters as defined by the xsd:string type will crash when presented with values beyond the expected range.<\/p>\n
Interfaces with existing programming languages are also harmed by ST_Xstring. How does a C or C++ XML parser deal with XML that now can allow a U+0000 (NULL) character in the middle of a string, something which is illegal in that programming language?<\/p>\n
What about XML database interfaces that take XML data and store it in relational tables? If they are schema-aware and see that ST_Xstring is merely a restriction of xsd:string, they will assume the normal range of characters can be stored wherever an xsd:string can be stored. But since the value space is expanded, there is no guarantee that this will still be true. These characters may cause validation errors in the database.<\/p>\n
By now, the observant reader may be accusing me of pulling a fast one. “But Rob, none of the above is a problem if the application simply leaves the ST_Xstring encoded and does not try to decode or interpret the non-XML character,” you might say.<\/p>\n
OK. Fair enough. Let’s follow that approach and see where it leads us.<\/p>\n
Let’s look at interoperability with other XML-based standards. Imagine you do a DOM parse of an OOXML document that contains \u201cstrings\u201d of type ST_Xstring. Either your parser\/application is OOXML-aware, or it isn’t. In other words, either it is able to interpret the non-standard _xHHHH_ instructions, or it isn’t.<\/p>\n
If it doesn’t understand them, then any other code that operates on the DOM nodes with ST_Xstring data is at risk of returning the wrong answer. For example, what is the length of the string \u201cABC\u201d? Three-characters, of course. But what is the length of the string \u201c_x0041_BC\u201d ? These two strings both have the same values according to OOXML. But an XML application might return 9 or return 3, depending on whether it is OOXML-aware or not. Since most (all) XML parsers are unaware of the non-standard escape mechanism proposed by OOXML, they will typically calculate things such as string lengths, string comparisons, string sorting, etc., incorrectly.<\/p>\n
But suppose the parser\/application is OOXML-aware and correctly decodes these character references into the correct Unicode values, then what? Assuming the host language doesn’t crash from the existence of this control characters, we then are presented with problems at the interface with any other code that operates on the DOM. Suppose we try to transform the DOM via XSLT to XHTML. Will the XSLT engine properly handle the existence of these forbidden character values? The XSLT engine may just crash. But suppose it doesn’t. How does it write out these control characters into XHTML? It can’t. These values are not permitted in XHTML. Dead end. What about DocBook? DITA? OpenDocument Format? Not possible. Since these characters are not permitted in XML 1.0 at all, they will be forbidden in all other markup languages that are based on XML 1.0, or even XML 1.1 for that matter (XML 1.1 allows some but not all of these characters, in particular the NULL character is excluded).<\/p>\n
Note further that with XML pipelining and with mashups, the application that writes XML output typically does not have direct knowledge of the application that originally produced the XML values. This decoupling of producers and consumers is an essential aspect of modern systems integration, include Web Services. By corrupting XML string values in the way that it does, DIS 29500 breaks the ability to have loosely coupled systems. Once the value space is polluted by these aberrant control characters, every application, every process that touches this data must be aware of their non-standard idiosyncrasies lest they crash or return incorrect answers. In this way, one standard perverts the entire XML universe, forcing them all to contend with the poor hygiene of a single vendor.<\/p>\n
The reader might think that I exaggerate the importance of this, that surely ST_Xstring is only used in OOXML in edge cases, in rare, compatibility modes. We wish that this were true. However, a look at the DIS 29500 shows that ST_Xstring is pervasive, and in fact is the predominant data type in SpreadsheetML, used to express the vast majority of spreadsheet content, including cell contents, headers, footers, displays strings, error strings, tooltip help, range names, etc. Any application that operates on an OOXML spreadsheet will need to deal with this mess.<\/p>\n
For example, here are some uses of ST_Xstring in DIS 29500, Part 4:<\/p>\n
\n- Clause 3.2.3 for the name of a custom view in a spreadsheet<\/li>\n
- Clause 3.2.5 for the name of a spreadsheet named range, for the descriptive comment, for the name description, for the
help topic, the keyboard shortcut, the status bar text and for the menu item text<\/li>\n - Clause 3.2.14 for the name of a spreadsheet function group<\/li>\n
- Clause 3.2.19 for the name of a sheet in a workbook<\/li>\n
- Clause 3.2.22 for the name of a smart tag as well as for the URL of a smart tag.<\/li>\n
- Clause 3.2.25 for the destination file name and title when publishing spreadsheet to the web.<\/li>\n
- Clause 3.3.1.10 for the value of a conditional formatting object, e.g., a gradient<\/li>\n
- Clause 3.3.1.20 for the name of a custom property<\/li>\n
- Clause 3.3.1.28 for sheet and range names<\/li>\n
- Clause 3.3.1.30 for error message string, error message title, prompt string and prompt title in a spreadsheet data validation definition.<\/li>\n
- Clause 3.3.1.35 for the value of a footer for even numbered pages.<\/li>\n
- Clause 3.3.1.36 for the value of a header for even numbered pages.<\/li>\n
- Clause 3.3.1.38 for the content of the first page footer<\/li>\n
- Clause 3.3.1.39 for the content of the first page header<\/li>\n
- Clause 3.3.1.44 for the display string for a hyperlink, the tooltip help for the link, also the anchor target if the hyperlink is to an HTML page<\/li>\n
- Clause 3.3.1.49 for values of input cells in a scenario<\/li>\n
- Clause 3.3.1.50 for cell inline text values<\/li>\n
- Clause 3.3.1.55 for the value of a footer for odd numbered pages.<\/li>\n
- Clause 3.3.1.56 for the value of a header for odd numbered pages.<\/li>\n
- Clause 3.3.1.73, in scenarios for the comment text, the scenario name and the name of the person who last changed the scenario.<\/li>\n
- Clause 3.3.1.88 when defining sort condition, for the values of a the custom sort list<\/li>\n
- Clause 3.3.1.93 for the value contained within a cell<\/li>\n
- Clause 3.3.1.94 for information associated with items published to the web, including the destination file and the title of the output HTML file<\/li>\n
- Clause 3.3.2.2 for expressing the criteria values in a filter<\/li>\n
- Clause 3.3.15 for the key\/values for smart tag properties<\/li>\n
- Clause 3.4.4 for expressing the contents of a rich text run<\/li>\n
- Clause 3.4.5 for expressing the name of a font<\/li>\n
- Clause 3.4.6 for expressing the text of a phonetic hint for East Asian text<\/li>\n
- Clause 3.4.8 for expressing a text item in the shared string table<\/li>\n
- Clause 3.4.12 for the text content shown as part of a string<\/li>\n
- Clause 3.5.1.2 for a table, expressing a textual comment, a display name as well as style names.<\/li>\n
- Clause 3.5.1.3 for a table column, expressing cell and row style names, column name<\/li>\n
- Clause 3.5.1.7 for column properties created from an XML mapping, for expressing the associated XPath.<\/li>\n
- Clause 3.5.2.4 for the XPath associated with column properties for XML tables<\/li>\n
- Clause 3.7.1-3.7.6 for specifying content of tracked comments, including the text of the comments as well as the authors of the comments<\/li>\n
- Clause 3.8.29 expressing the name of a font<\/li>\n
<\/ul>\n
There are hundreds of additional uses. A search of DIS 29500 Part 4 for \u201cST_Xstring\u201d returns 467 hits. OOXML also defines two additional types, \u201clptsr\u201d (7.4.2.8) and \u201cbstr\u201d (7.4.2.4) that have the same flaw as ST_Xstring.<\/p>\n
The reader might further argue that, although the type allows characters that are forbidden by XML, the actual occurrence of these values in real legacy documents is likely to be rare. This might be true, but this is cause for even greater concern. If every document contained these control characters, then we would immediately be aware of any interoperability problems when integrating OOXML data with other systems. But if these characters are permitted, but occur rarely and randomly, then the integration errors will also occur rarely and randomly, allowing data corruption and other problems to occur and propagate further before detection.<\/p>\n
In summary, we are concerned that the ST_Xstring type in OOXML opens us up to problems such as:<\/p>\n
\n- Introducing accessibility problems<\/li>\n
- Breaking unaware C\/C++ XML parsers<\/li>\n
- Breaking XML databases<\/li>\n
- Breaking interoperability with other XML languages<\/li>\n
- Breaking application logic related to string searching, sorting, comparisons, etc.<\/li>\n
- Introducing errors that will be hard to detect and resolve<\/li>\n
<\/ol>\n
Possible remedies include:<\/p>\n
<\/p>\n- Use xsd:string uniformly instead of ST_Xstring, with no use of forbidden XML characters. This would require that applications that read legacy binary documents containing such characters eliminate them at this point, perhaps replacing them with licit characters or with whitespace. No application will be more able to devise the original meaning and intent of these characters than the original vendor. So they should be responsible for cleaning up these strings to make them XML-ready.<\/li>\n
- Use a non-string type such as the binary xsd:hexBinary or xsd:base64Binary to represent these data items.<\/li>\n
- Use a mixed content encoding, where the licit characters are represented by xsd:string data, and the forbidden characters are denoted by specially-defined elements. So \u201cA_x0008_BC\u201d would become: <text>A<backspace\/>BC <\/text>. In this case the semantics of the <backspace> element would need to be documented in the DIS 29500 specification, including its effect on searching, sorting, length calculations, etc.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"
Let’s start with the concepts of \u201clexical\u201d and \u201cvalue\u201d spaces in XML, as well as the mechanism of \u201cderivation by restriction\u201d in XML Schema. Any engineer can understand the basics here, even if you don’t eat and drink XML for breakfast. The value space for an XML data item comprises the set of all allowed […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[6],"tags":[],"class_list":{"0":"post-163","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-ooxml","7":"entry"},"_links":{"self":[{"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/posts\/163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/comments?post=163"}],"version-history":[{"count":0,"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/posts\/163\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/media?parent=163"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/categories?post=163"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/tags?post=163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}