Post by Clinton Gallagher
So it seems to be a general consensus that CDATA within the title and the
description is widely supported at this point in time as a means to allow
users to submit data such as the word AT&T in a title or description? What
are the generally accepted pitfalls of using CDATA?
It's pretty depressing that "widely supported" can even be talked about
in this case. It's 9 years since XML became a recommendation. There are
kids out there younger than XML that understand CDATA, and some of the
parsers don't. :(
Anyway the biggest pitfall I can see with CDATA at the author's side is
the belief that you can pass anything through without having to worry
about escaping anything - there is the exception of the string "]]>".
Now granted the string ]]> doesn't come up very much in normal
conversation, but it certainly can come up in technical posts, etc. and
of course Murphy's law applies - if there's a set of inputs that will
cause failure someone will give you that set of inputs.
As such you still have to do escaping with anything you are putting into
a CDATA section so that ]]> gets replaced with ]]>]<![CDATA[]> (there
are a couple of other workable equivalents).
Personally, I tend to find it just as handy to escape & and < to &amp;
and &lt; (and > to &gt; though in most cases that should be safe - but
again there are parsers that may think differently) especially since I
got into the habit of looking for those a long time ago when dealing
with HTML (not to say I never ever overlook that those characters could
be coming into a given piece of code, but I'm still well used to looking
out for them and not for ]]>
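
The two approaches from the reply above, as an added example that is not part of the original post: it wraps a constructed title in CDATA with and without the "]]>" replacement, entity-escapes the same title, and checks each result by parsing it back. The function names, the <title> wrapper element and the sample string are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample: a technical title containing &, < and the sequence "]]>".
SAMPLE = "if (a[b[0]]>c) { AT&T <tag> }"


def cdata_wrap_naive(text: str) -> str:
    """Wrap text in CDATA with no escaping at all (the pitfall)."""
    return "<![CDATA[" + text + "]]>"


def cdata_wrap(text: str) -> str:
    """Wrap text in CDATA, rewriting "]]>" as the post describes.

    Each "]]>" becomes "]]>]<![CDATA[]>": the section is closed after the
    first "]", a lone "]" is emitted as ordinary text, and a new section
    is opened for the remaining "]>".
    """
    return "<![CDATA[" + text.replace("]]>", "]]>]<![CDATA[]>") + "]]>"


def entity_escape(text: str) -> str:
    """Escape &, < and > as entities instead of using CDATA."""
    return escape(text)


def survives(fragment: str, original: str) -> bool:
    """True if the fragment parses and yields exactly the original text."""
    try:
        parsed = ET.fromstring("<title>" + fragment + "</title>").text
    except ET.ParseError:
        return False  # not well-formed: the feed would be rejected
    return parsed == original


if __name__ == "__main__":
    for name, fn in (("naive CDATA", cdata_wrap_naive),
                     ("split CDATA", cdata_wrap),
                     ("entities", entity_escape)):
        out = fn(SAMPLE)
        print(f"{name:12} ok={survives(out, SAMPLE)}  {out}")
```
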