x

Archive for January 2008

Stanley Spencer at Tate Liverpool

paintingJanuary 24th, 2008
post #95 

Absolutely unmissable.

The latest in the DLA Piper Series on C20th Art. The Stanley Spencer’s on the ground floor include ‘St Francis and the birds’, a couple of self portraits (including his first), ‘The Resurrection, Cookham’ and ‘The Resurrection, Port Glasgow’ - and a whole host of squared-up drawings for it.

Photograph of The Resurrection, Cookham, 1924-7, Oil on canvas, by Sir Stanley Spencer. In the public domain.

 

DLA PiperSeries - The Twentieth Century

On until the 27th April 2008.

IE7: RSS no DTD

Web ComputingJanuary 22nd, 2008
post #94 

Yesterday I learned that all our RSS feeds fail to render in IE7. This was a surprise, as feeds are often the least worrysome areas of output, normally bypassing rendering and compatibility issues. IE7 reported:

This feed contains a DTD (Document Type Definition). DTDs are used to define a structure of a webpage. Internet Explorer does not support DTDs in feeds.

We defined a DTD only to ensure encoding of certain characters, as a number of our feeds are generated from (x)html based, content-managed information and often have content mishandled via software such as MS Word. In the past we have had some problems providing editing tools to suit certain departments resulting in encoding and character-set problems, and the DTD assured us some control over this.

The Microsoft RSS Blog outlines the reason for the failure:

Feeds that reference a DTD are not supported by the RSS Platform. A DTD is used to help XML parsers with validation of the document. However, DTD validation is a potential source of security issues for XML parsers, and validation is not required for feeds to work correctly in aggregators.

The MSDN article referred to outlines situations where a malicious DTD could be used to launch a DoS attack from an untrusted source. Our fatal DTD however, was inline:

<!DOCTYPE rss [<!ENTITY pound “&chr(34)&”£”&chr(34)&”>]>

I can’t say I’m wholly impressed that my implicitly trustworthy (requested) content has, according to IE7, untrustworthy components.

The solution is -unsurprisingly- to remove the DTD entry - I call this a proprietary hack - and to keep an eye on the entities which have for operational reasons failed us in the past.