Corner Cases cause concerns

I’ve started using and fallen in love with Performancing For Firefox (PFF) for my weblogging. However…

I have found a couple of XML API oddities that emphasize the importance of thorough testing. Otherwise known as bugs. One is particularly nasty since it causes failure-with-no-warning, the worst possible software misstep. Both errors are encapsulation problems, based on characters that were not anticipated or cleansed before using them in the log-post process.

The first is that one of my web logs has an apostrophe in the title, which makes the code believe a string has ended prematurely. It lists the issue as a JavaScript error in my debugger but does not (apparently) fail to do anything I expect… but the question I have is what should it be doing that it is not?

The second, more insidious, issue comes from one of my categories. The error reads:

unexpected end of XML entity (line 1)

When you try to submit a post, it just does nothing. No feedback, no error. Turns out it is caused by my category ‘Tips & Tricks’ which has an ampersand… and XML thinks it is the start of an entity. Now keep in mind that these categories are pulled from the weblog by PFF automatically, and you have no way of editing them. Now, PFF can’t handle the information that it created when you are posting. Bad bad bad.

The obvious ways to fix this are to

  • escape the strings before using them
  • or show the user a different string than the application utilizes

In either case, the ‘sanitize all input’ rule applies… but the most important rule in a software developer’s toolkit – fail loudly – was ignored. If you’re not preserving the data you’ve been given (in this example by not posting it to the log) or at least yelling that you failed, you’re a problem. The user may close the browser and poof – instant data loss.
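
Here is a sketch of both fixes together: escape weblog-supplied strings when building the XML, and refuse loudly (keeping the draft) if the payload is still malformed. This is an added example, not PFF's code; the payload shape, the function names and the sample blog title are assumptions made for illustration.

```javascript
// Added illustration; the payload shape and all function names are hypothetical.
const XML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;" };

// Escape once, at the point where text is placed into XML.
function escapeXml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => XML_ESCAPES[ch]);
}

// Build a post payload; `escape` is injectable so the unescaped "before"
// behaviour can be compared with the fixed one.
function buildPostXml(post, escape) {
  const cats = post.categories.map((c) => `<category>${escape(c)}</category>`).join("");
  return `<post blog="${escape(post.blogTitle)}"><title>${escape(post.title)}</title>${cats}</post>`;
}

// Offset of the first '&' that does not begin a predefined or numeric
// entity reference, or -1 if there is none.
function findBareAmpersand(xml) {
  const m = /&(?!(?:amp|lt|gt|quot|apos|#\d+|#x[0-9a-fA-F]+);)/.exec(xml);
  return m ? m.index : -1;
}

// Fail loudly: never drop the post silently. The thrown error carries the
// draft so the caller can show a message and keep the user's text.
function submitPost(post, escape, send) {
  const xml = buildPostXml(post, escape);
  const at = findBareAmpersand(xml);
  if (at !== -1) {
    const err = new Error(`Post not sent: unescaped '&' at offset ${at} in request XML`);
    err.draft = post;
    throw err;
  }
  send(xml);
  return xml;
}

// Constructed sample mirroring the two kinds of string from the post.
const samplePost = { blogTitle: "Bob's Notes", title: "Hello", categories: ["Tips & Tricks"] };
const outbox = [];
try {
  submitPost(samplePost, (s) => s, (xml) => outbox.push(xml)); // unescaped: throws
} catch (e) {
  console.error(e.message);
}
console.log(submitPost(samplePost, escapeXml, (xml) => outbox.push(xml)));
```

The user still sees ‘Tips & Tricks’ in the interface; only the string placed into the request is escaped.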
