-
Notifications
You must be signed in to change notification settings - Fork 183
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improvements to HTML and Markdown character encoding in XML, JSON, and YAML #452
Comments
@david-waltermire-nist could you provide more specifics as to what might be considered "overly encoded"? |
The user story has been updated to remove and clarify what was meant by "overly encoded". |
…N conversion. Fixed the bug this exposed in markdown->HTML conversion. Added some light unit testing.
In the XML-to-JSON conversion, handling of characters in strings has been cleaned up, with much better results. Some basic unit testing has also been added for string conversion. This is ready for inspection. Included in the inspection should be FedRAMP profiles where they contain '&' for example grep "POA&M" or "POA&M" (in XML and JSON respectively). |
Also: we need a plan for what to do (if anything) to prevent XML IN:
JSON:
XML BACK:
One solution would be to map
This is (much) less legible but more robust. At a minimum we should document this issue. |
According to our docs: https://pages.nist.gov/OSCAL/docs/schemas/datatypes/#specialized-character-mapping
XML IN:
<p>Markup can make <em>emphasis</em>, but so can *markdown*</p>
Would map to JSON:
"Markup can make *emphasis*, but so can \*markdown\*"
This avoids the roundtrip problem.
From: Wendell Piez <[email protected]>
Sent: Tuesday, September 17, 2019 11:27 AM
To: usnistgov/OSCAL <[email protected]>
Cc: Waltermire, David A. (Fed) <[email protected]>; Mention <[email protected]>
Subject: Re: [usnistgov/OSCAL] Improvements to HTML and Markdown character encoding in XML, JSON, and YAML (#452)
Also: we need a plan for what to do (if anything) to prevent
XML IN:
<p>Markup can make <em>emphasis</em>, but so can *markdown*</p>
JSON:
"Markup can make *emphasis*, but so can *markdown*"
XML BACK:
<p>Markup can make <em>emphasis</em>, but so can <em>markdown</em></p>
One solution would be to map * and other delimiter characters, in generated Markdown, to Unicode representations such as \u002a. So in this case the JSON would have
"Markup can make *emphasis*, but so can \u002amarkdown\u002a".
This is (much) less legible but more robust.
Another solution could be to document this issue.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#452?email_source=notifications&email_token=ACLKE2AWLENCDLTZOJXB7YDQKDZLVA5CNFSM4H4HJ2AKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD645KDI#issuecomment-532272397>, or mute the thread<https://github.com/notifications/unsubscribe-auth/ACLKE2FQW5ACTVCRTL53H7DQKDZLVANCNFSM4H4HJ2AA>.
|
@david-waltermire-nist I think (hope) you are saying that symbols in one format (ie an “*” in XML content) that may be mistaken for formatting in the other format (ie emphasis in MD), should be automatically escaped by the conversion process. I don’t think we can count on content creators/editors to handle this, nor do I think we want to impose that on them. In other words, a content creator/editor who works in XML should not have to be concerned with how their data translates to other formats (JSON, YAML) beyond respecting the formatting constraints defined for prose and mixed elements. The conversion process should detect any problematic characters and handle them accordingly. This also future-proofs content if our allowed formatting rules change after the content is created. |
Correct. Content authors are only responsible for using the appropriate escaping in the format they are using the create the content. Escaping when converting between formats is handled by the conversion process. Our specification needs to define how this conversion must happen.
From: Brian Ruf <[email protected]>
Sent: Tuesday, September 17, 2019 11:40 AM
To: usnistgov/OSCAL <[email protected]>
Cc: Waltermire, David A. (Fed) <[email protected]>; Mention <[email protected]>
Subject: Re: [usnistgov/OSCAL] Improvements to HTML and Markdown character encoding in XML, JSON, and YAML (#452)
@david-waltermire-nist<https://github.com/david-waltermire-nist> I think (hope) you are saying that symbols in one format (ie an “*” in XML content) that may be mistaken for formatting in the other format (ie emphasis in MD), should be automatically escaped by the conversion process.
I don’t think we can count on content creators/editors to handle this, nor do I think we want to impose that on them.
In other words, a content creator/editor who works in XML should not have to be concerned with how their data translates to other formats (JSON, YAML) beyond respecting the formatting constraints defined for prose and mixed elements. The conversion process should detect any problematic characters and handle them accordingly. This also future-proofs content if our allowed formatting rules change after the content is created.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#452?email_source=notifications&email_token=ACLKE2FMM3L5YK24ME4C6T3QKD26ZA5CNFSM4H4HJ2AKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD646W6I#issuecomment-532278137>, or mute the thread<https://github.com/notifications/unsubscribe-auth/ACLKE2B5MFMM25SFAQAH6YDQKD26ZANCNFSM4H4HJ2AA>.
|
@brianrufgsa I think this is what Dave is saying ... in XML, a (Thanks @david-waltermire-nist for posting that link.) This means that XML authors won't have to do anything special for |
@david-waltermire-nist I also noticed that page https://pages.nist.gov/OSCAL/docs/schemas/datatypes/#specialized-character-mapping erroneously references characters Do you want me to correct this or is it being revised in your branch? |
Followup - I have managed to produce
We could make it into @david-waltermire-nist Advice? Maybe @anweiss also has some thoughts about representing Markdown inside JSON. |
Feel free to fix this. You can do so in our integration branch.
From: Wendell Piez <[email protected]>
Sent: Tuesday, September 17, 2019 12:59 PM
To: usnistgov/OSCAL <[email protected]>
Cc: Waltermire, David A. (Fed) <[email protected]>; Mention <[email protected]>
Subject: Re: [usnistgov/OSCAL] Improvements to HTML and Markdown character encoding in XML, JSON, and YAML (#452)
@david-waltermire-nist<https://github.com/david-waltermire-nist> I also noticed that page https://pages.nist.gov/OSCAL/docs/schemas/datatypes/#specialized-character-mapping erroneously references characters “ and ‘ (Unicode 8220 and 8216) rather than the keyboard characters " and ' (Unicode 0034 and 0039), which are undoubtedly what was intended.
Do you want me to correct this or is it being revised in your branch?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#452?email_source=notifications&email_token=ACLKE2DP6KXKTPUWU5JLORDQKEEGPA5CNFSM4H4HJ2AKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD65GIBY#issuecomment-532308999>, or mute the thread<https://github.com/notifications/unsubscribe-auth/ACLKE2C4SRSLGJGPEA46DYDQKEEGPANCNFSM4H4HJ2AA>.
|
For I have not yet edited the specification in The Liquid solution to this is to wrap in |
Yes. Getting the correct representations through Jekyll is a fresh kind of hell. You can see some examples of this in the current source markdown for the datatypes page.
From: Wendell Piez <[email protected]>
Sent: Tuesday, September 17, 2019 2:30 PM
To: usnistgov/OSCAL <[email protected]>
Cc: Waltermire, David A. (Fed) <[email protected]>; Mention <[email protected]>
Subject: Re: [usnistgov/OSCAL] Improvements to HTML and Markdown character encoding in XML, JSON, and YAML (#452)
For ~ \^ * " we are now getting double-escaped Markdown-in-JSON, e.g. \\*. Amazingly, this is coming back into the XML as the naked character with no escaping. (The JSON-to-XML function converts it to \* and our Markdown handler knows this becomes *.
I have not yet edited the specification in docs\content\documentation\schemas\datatypes.md. This is because it turns out the Liquid parser is responsible for the conversion of characters responsible for the "smart quotes" in display. In the source they are correct.
The Liquid solution to this is to wrap in {% raw %} ... {% endraw %} directives. However, where exactly to do this raises a question of whether there are not other issues with the spec ... as Liquid is also converting our \\ into \. Accordingly I think I should correct this with the help of extra eyes.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#452?email_source=notifications&email_token=ACLKE2ALSYFXYPCHWQZHBOLQKEOYVA5CNFSM4H4HJ2AKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD65O67I#issuecomment-532344701>, or mute the thread<https://github.com/notifications/unsubscribe-auth/ACLKE2FO24AWLZSBNIXLF63QKEOYVANCNFSM4H4HJ2AA>.
|
Okay. Current status:
|
… with unit testing: usnistgov#452
…cter-level post-processing in generated JSON; added unit tests for URIs to detect issues with solidus characters '/'
…aracter escapes).
The latest commit 4e47cc2 to my branch has changes to the documentation regarding character escapes:
|
… with unit testing: usnistgov#452
…cter-level post-processing in generated JSON; added unit tests for URIs to detect issues with solidus characters '/'
…aracter escapes).
…N conversion. Fixed the bug this exposed in markdown->HTML conversion. Added some light unit testing.
… with unit testing: usnistgov#452
…cter-level post-processing in generated JSON; added unit tests for URIs to detect issues with solidus characters '/'
…aracter escapes).
…rding character escapes)." This reverts commit ba9224f.
…ss character-level post-processing in generated JSON; added unit tests for URIs to detect issues with solidus characters '/'" This reverts commit e735440.
…in text, with unit testing: usnistgov#452" This reverts commit 7cab448.
This reverts commit 7fc973d.
…L-to-JSON conversion. Fixed the bug this exposed in markdown->HTML conversion. Added some light unit testing." This reverts commit 48d4c97.
…rding character escapes)." This reverts commit ba9224f.
…ss character-level post-processing in generated JSON; added unit tests for URIs to detect issues with solidus characters '/'" This reverts commit e735440.
…in text, with unit testing: usnistgov#452" This reverts commit 7cab448.
This reverts commit 7fc973d.
…L-to-JSON conversion. Fixed the bug this exposed in markdown->HTML conversion. Added some light unit testing." This reverts commit 48d4c97.
…N conversion. Fixed the bug this exposed in markdown->HTML conversion. Added some light unit testing.
… with unit testing: usnistgov#452
…cter-level post-processing in generated JSON; added unit tests for URIs to detect issues with solidus characters '/'
…aracter escapes).
* Removed unnecessary metaschema check on json-value-key * Now implementing in-xml="with-wrapper | unwrapped" on markup multiline fields, with default `with-wrapper` and corresponding changes to catalog and profile metaschemas. * Updating catalog and profile schemas for (prose) unwrapping behavior * Renamed 'json-behavior' in Metaschema to 'in-json' for consistency with 'in-xml'. * Updating syntax in metaschemas 'in-json' for 'json-behavior' * Updating json converter generator to provide in-xml behavior 'GROUPED' * Refining json converter production from Metaschema * Repairing egregious syntax error * Rectify bug introduced with new feature * Adding support for 'date' and 'dateTime' datatypes, with no time zones (#480), including unit tests * Improvements and corrections to datatypes docs * More small repairs on datatypes descriptions (table markup) * Built out validations of allowed (enumerated) values, including Metaschema validation checks on whether given allowed values conform to their nominal type. * Straightening kinks in datatype metaschema meta-validation * More special handling of recalcitrant datatypes, this time 'NMTOKENS' and 'IDREFS' * Addressing #463, adding `id`, `class` and `title` to `group` in profiles. * Schematron improvements; documentation revisions (removing references to subcontrols) * New Schematron for SP800-53-style catalogs * Removed using in implementation to new metaschema for storage. Started on example, which is still invalid * More work on an example, which is still not valid * refactored schematron processing * more work on SSP example * Refactored generate-schema.sh to allow a metaschema to be provided on the CLI * refactored SSP model to be more flat, while allowing component references * slight cleanup * old example * Fixed content generation * updated metaschema to new specs * fixed content errors * added metaschema examples * Updated metaschema example. * Adding 'prop' and 'part' to Profile Metaschema per #463 * Added 'param' to profile 'group' model * JSON converter now properly handling flags assigned to assemblies identified by json key * Added 'sort-id' property to controls in SP800-53 catalog * Added support for direct generation of schema and converters * Minor updates to SSP example and metaschema * Adding computer build metaschema examples * Extending allowed-values support to fields; unit tests: #437 * More work on allowed-values, now in XSD with unit tests for #437 * Repairing small datatyping bug thanks to regression testing * Further adjustment for allowed-values in docs * Renamed unit tests, now working * Adding allowed-values unit tests * Addressing #452: cleaned up character handling in XML-to-JSON conversion. Fixed the bug this exposed in markdown->HTML conversion. Added some light unit testing. * More adjustments in view of comments to #452 * Repairing more bugs in character handling in Markdown and plain text, with unit testing: #452 * Improvements to Schematron for SP800-53 #400 * For #452, modified copy-and-convert script to suppress character-level post-processing in generated JSON; added unit tests for URIs to detect issues with solidus characters '/' * Edited docs, including datatypes page per #452 (regarding character escapes). * Cleanup metaschema valdiation errors * changed use of the ID and IDREF datatype to NCName * Removed ID and IDREF datatypes * refactored components out of ssp metaschema * Updated SP800-53 catalog and NIST profiles to current model * Added name to information type. * Continued refinement of the SSP model * Updated metadata syntax * changing CM-6 constraint to guidance * continued work on SSP * refactored responsible party to metadata * fixed validation issues * Fixed overriding enumerated values * Fixed content validation errors based on latest metaschema changes * Completed full pass through ssp model * added prop to resource * Fixed broken links in Markdown files. Small adjustments to SSP example. * FDixed relapath error caused when the generated schema directory doesn't exist. Also attempting a fix for CircleCI colorized escape codes causing extra characters to appear. * Fixed validation issue with component metaschema * attempting to fix extra characters in CircleCI colorized messages * Updated enumerated values to remove values that should appear in a given context * quick reordering of elements * hardcode ascii color codes * Fixing broken links in readmes; file name update for consistency * added unit tests for bug * fixed color escaping in scripts * Removed bogus unit test and fixed a small cardinality issue in the SSP model * Improvements to docs generation * Added JSON value keys to fields with flags (that did not have them) * Bug reduction in XSD production mainly related to datatypes and allowed values * Fixing glitch in JSON converter generator * Adjustments repairing Metaschema issues * CSS tweak in docs (model maps to use USWDS font) * Adding to Milestone 2 release notes (in progress) * Change to parameter setting in profile model (#494, #288); release notes towards M2 * Small improvements to copy in release notes (draft) * Updating metaschemas to latest syntax, with improved Metaschema Schematron and unit test tweakage * Adjustments to flag unit test and release notes * SSP Metaschema review and update * cleanup of unused role-id field * reflactored role-id * updated documentation for release. * cleanup of IDs * Minor schema and metaschema improvements * M1 to M2 content converter * Merging local and upstream changes to json example * Relaxing rule over 'ID' flag to accept any string not only XML NCName * reorganizing content for release * more file moves * Fixed changed path * Updated FedRAMP profiles and catalog to current models * Bug fix to XML-to-JSON converter generator * Fixed copy script * Updated FedRAMP baselines and catalog to match new metaschema syntax * fixed merge error * fixed another merge error * fixed spelling issues * Fix from Wendell
This was completed in PR #492. |
* Removed unnecessary metaschema check on json-value-key * Now implementing in-xml="with-wrapper | unwrapped" on markup multiline fields, with default `with-wrapper` and corresponding changes to catalog and profile metaschemas. * Updating catalog and profile schemas for (prose) unwrapping behavior * Renamed 'json-behavior' in Metaschema to 'in-json' for consistency with 'in-xml'. * Updating syntax in metaschemas 'in-json' for 'json-behavior' * Updating json converter generator to provide in-xml behavior 'GROUPED' * Refining json converter production from Metaschema * Repairing egregious syntax error * Rectify bug introduced with new feature * Adding support for 'date' and 'dateTime' datatypes, with no time zones (usnistgov#480), including unit tests * Improvements and corrections to datatypes docs * More small repairs on datatypes descriptions (table markup) * Built out validations of allowed (enumerated) values, including Metaschema validation checks on whether given allowed values conform to their nominal type. * Straightening kinks in datatype metaschema meta-validation * More special handling of recalcitrant datatypes, this time 'NMTOKENS' and 'IDREFS' * Addressing usnistgov#463, adding `id`, `class` and `title` to `group` in profiles. * Schematron improvements; documentation revisions (removing references to subcontrols) * New Schematron for SP800-53-style catalogs * Removed using in implementation to new metaschema for storage. Started on example, which is still invalid * More work on an example, which is still not valid * refactored schematron processing * more work on SSP example * Refactored generate-schema.sh to allow a metaschema to be provided on the CLI * refactored SSP model to be more flat, while allowing component references * slight cleanup * old example * Fixed content generation * updated metaschema to new specs * fixed content errors * added metaschema examples * Updated metaschema example. * Adding 'prop' and 'part' to Profile Metaschema per usnistgov#463 * Added 'param' to profile 'group' model * JSON converter now properly handling flags assigned to assemblies identified by json key * Added 'sort-id' property to controls in SP800-53 catalog * Added support for direct generation of schema and converters * Minor updates to SSP example and metaschema * Adding computer build metaschema examples * Extending allowed-values support to fields; unit tests: usnistgov#437 * More work on allowed-values, now in XSD with unit tests for usnistgov#437 * Repairing small datatyping bug thanks to regression testing * Further adjustment for allowed-values in docs * Renamed unit tests, now working * Adding allowed-values unit tests * Addressing usnistgov#452: cleaned up character handling in XML-to-JSON conversion. Fixed the bug this exposed in markdown->HTML conversion. Added some light unit testing. * More adjustments in view of comments to usnistgov#452 * Repairing more bugs in character handling in Markdown and plain text, with unit testing: usnistgov#452 * Improvements to Schematron for SP800-53 usnistgov#400 * For usnistgov#452, modified copy-and-convert script to suppress character-level post-processing in generated JSON; added unit tests for URIs to detect issues with solidus characters '/' * Edited docs, including datatypes page per usnistgov#452 (regarding character escapes). * Cleanup metaschema valdiation errors * changed use of the ID and IDREF datatype to NCName * Removed ID and IDREF datatypes * refactored components out of ssp metaschema * Updated SP800-53 catalog and NIST profiles to current model * Added name to information type. * Continued refinement of the SSP model * Updated metadata syntax * changing CM-6 constraint to guidance * continued work on SSP * refactored responsible party to metadata * fixed validation issues * Fixed overriding enumerated values * Fixed content validation errors based on latest metaschema changes * Completed full pass through ssp model * added prop to resource * Fixed broken links in Markdown files. Small adjustments to SSP example. * FDixed relapath error caused when the generated schema directory doesn't exist. Also attempting a fix for CircleCI colorized escape codes causing extra characters to appear. * Fixed validation issue with component metaschema * attempting to fix extra characters in CircleCI colorized messages * Updated enumerated values to remove values that should appear in a given context * quick reordering of elements * hardcode ascii color codes * Fixing broken links in readmes; file name update for consistency * added unit tests for bug * fixed color escaping in scripts * Removed bogus unit test and fixed a small cardinality issue in the SSP model * Improvements to docs generation * Added JSON value keys to fields with flags (that did not have them) * Bug reduction in XSD production mainly related to datatypes and allowed values * Fixing glitch in JSON converter generator * Adjustments repairing Metaschema issues * CSS tweak in docs (model maps to use USWDS font) * Adding to Milestone 2 release notes (in progress) * Change to parameter setting in profile model (usnistgov#494, usnistgov#288); release notes towards M2 * Small improvements to copy in release notes (draft) * Updating metaschemas to latest syntax, with improved Metaschema Schematron and unit test tweakage * Adjustments to flag unit test and release notes * SSP Metaschema review and update * cleanup of unused role-id field * reflactored role-id * updated documentation for release. * cleanup of IDs * Minor schema and metaschema improvements * M1 to M2 content converter * Merging local and upstream changes to json example * Relaxing rule over 'ID' flag to accept any string not only XML NCName * reorganizing content for release * more file moves * Fixed changed path * Updated FedRAMP profiles and catalog to current models * Bug fix to XML-to-JSON converter generator * Fixed copy script * Updated FedRAMP baselines and catalog to match new metaschema syntax * fixed merge error * fixed another merge error * fixed spelling issues * Fix from Wendell
* Removed unnecessary metaschema check on json-value-key * Now implementing in-xml="with-wrapper | unwrapped" on markup multiline fields, with default `with-wrapper` and corresponding changes to catalog and profile metaschemas. * Updating catalog and profile schemas for (prose) unwrapping behavior * Renamed 'json-behavior' in Metaschema to 'in-json' for consistency with 'in-xml'. * Updating syntax in metaschemas 'in-json' for 'json-behavior' * Updating json converter generator to provide in-xml behavior 'GROUPED' * Refining json converter production from Metaschema * Repairing egregious syntax error * Rectify bug introduced with new feature * Adding support for 'date' and 'dateTime' datatypes, with no time zones (usnistgov#480), including unit tests * Improvements and corrections to datatypes docs * More small repairs on datatypes descriptions (table markup) * Built out validations of allowed (enumerated) values, including Metaschema validation checks on whether given allowed values conform to their nominal type. * Straightening kinks in datatype metaschema meta-validation * More special handling of recalcitrant datatypes, this time 'NMTOKENS' and 'IDREFS' * Addressing usnistgov#463, adding `id`, `class` and `title` to `group` in profiles. * Schematron improvements; documentation revisions (removing references to subcontrols) * New Schematron for SP800-53-style catalogs * Removed using in implementation to new metaschema for storage. Started on example, which is still invalid * More work on an example, which is still not valid * refactored schematron processing * more work on SSP example * Refactored generate-schema.sh to allow a metaschema to be provided on the CLI * refactored SSP model to be more flat, while allowing component references * slight cleanup * old example * Fixed content generation * updated metaschema to new specs * fixed content errors * added metaschema examples * Updated metaschema example. * Adding 'prop' and 'part' to Profile Metaschema per usnistgov#463 * Added 'param' to profile 'group' model * JSON converter now properly handling flags assigned to assemblies identified by json key * Added 'sort-id' property to controls in SP800-53 catalog * Added support for direct generation of schema and converters * Minor updates to SSP example and metaschema * Adding computer build metaschema examples * Extending allowed-values support to fields; unit tests: usnistgov#437 * More work on allowed-values, now in XSD with unit tests for usnistgov#437 * Repairing small datatyping bug thanks to regression testing * Further adjustment for allowed-values in docs * Renamed unit tests, now working * Adding allowed-values unit tests * Addressing usnistgov#452: cleaned up character handling in XML-to-JSON conversion. Fixed the bug this exposed in markdown->HTML conversion. Added some light unit testing. * More adjustments in view of comments to usnistgov#452 * Repairing more bugs in character handling in Markdown and plain text, with unit testing: usnistgov#452 * Improvements to Schematron for SP800-53 #400 * For usnistgov#452, modified copy-and-convert script to suppress character-level post-processing in generated JSON; added unit tests for URIs to detect issues with solidus characters '/' * Edited docs, including datatypes page per usnistgov#452 (regarding character escapes). * Cleanup metaschema valdiation errors * changed use of the ID and IDREF datatype to NCName * Removed ID and IDREF datatypes * refactored components out of ssp metaschema * Updated SP800-53 catalog and NIST profiles to current model * Added name to information type. * Continued refinement of the SSP model * Updated metadata syntax * changing CM-6 constraint to guidance * continued work on SSP * refactored responsible party to metadata * fixed validation issues * Fixed overriding enumerated values * Fixed content validation errors based on latest metaschema changes * Completed full pass through ssp model * added prop to resource * Fixed broken links in Markdown files. Small adjustments to SSP example. * FDixed relapath error caused when the generated schema directory doesn't exist. Also attempting a fix for CircleCI colorized escape codes causing extra characters to appear. * Fixed validation issue with component metaschema * attempting to fix extra characters in CircleCI colorized messages * Updated enumerated values to remove values that should appear in a given context * quick reordering of elements * hardcode ascii color codes * Fixing broken links in readmes; file name update for consistency * added unit tests for bug * fixed color escaping in scripts * Removed bogus unit test and fixed a small cardinality issue in the SSP model * Improvements to docs generation * Added JSON value keys to fields with flags (that did not have them) * Bug reduction in XSD production mainly related to datatypes and allowed values * Fixing glitch in JSON converter generator * Adjustments repairing Metaschema issues * CSS tweak in docs (model maps to use USWDS font) * Adding to Milestone 2 release notes (in progress) * Change to parameter setting in profile model (usnistgov#494, #288); release notes towards M2 * Small improvements to copy in release notes (draft) * Updating metaschemas to latest syntax, with improved Metaschema Schematron and unit test tweakage * Adjustments to flag unit test and release notes * SSP Metaschema review and update * cleanup of unused role-id field * reflactored role-id * updated documentation for release. * cleanup of IDs * Minor schema and metaschema improvements * M1 to M2 content converter * Merging local and upstream changes to json example * Relaxing rule over 'ID' flag to accept any string not only XML NCName * reorganizing content for release * more file moves * Fixed changed path * Updated FedRAMP profiles and catalog to current models * Bug fix to XML-to-JSON converter generator * Fixed copy script * Updated FedRAMP baselines and catalog to match new metaschema syntax * fixed merge error * fixed another merge error * fixed spelling issues * Fix from Wendell
User Story:
As an OSCAL content consumer, I need OSCAL XML, JSON, and YAML content that includes properly encoded characters in textual content (e.g., fields). Characters must not be encoded or escaped if the underlying format does not require them to be, as this will require extra processing/parsing to fix. The only exception to this rule are the Markdown formatting characters
*`~^
when they are used as literal characters in JSON and YAML strings. This will protect these characters from interactions with Markdown formatting.Goals:
All generated OSCAL XML, JSON, and YAML content must use the minimum character encoding needed to correctly represent the character. This should be consistent with the character handling defined in the OSCAL datatypes documentation.
While
&
needs to be encoded in HTML as&
, this encoding needs to be avoided in JSON and YAML strings.The FedRAMP HIGH baseline is an example of where this is occurring incorrectly.
Confirm that all
'
characters in generated OSCAL JSON files are not escaped.Confirm that
>
and<
are not encoded as>
and<
in JSON and YAML. These character should be represented as>
and<
in JSON and YAML.The OSCAL XML HTML content currently uses
A;
and<
to encode*
and`
respectively. These characters need to be represented as*
and`
in OSCAL XML HTML content.Dependencies:
None.
Acceptance Criteria
The text was updated successfully, but these errors were encountered: