oasis-tcs / sarif-spec

OASIS SARIF TC: Repository for development of the draft standard, where requests for modification should be made via Github Issues
https://github.com/oasis-tcs/sarif-spec

Is any escaping of URIs within "3.11.6 Messages with embedded links" needed? #657

Open davidmalcolm opened 4 weeks ago

davidmalcolm commented 4 weeks ago

"3.11.6 Messages with embedded links" has:

link destination = ? Any valid URI ?;
embedded link = "[", link text, "](", link destination, ")";

My reading of the spec is that no escaping is needed/done on the link destination, and thus it is implicitly required that URIs do not contain ) so that a consumer can detect where the link destination ends.

Am I correct? Is this lack of ) guaranteed by RFC 3896, an additional constraint in SARIF, or is some kind of matching of ( and ) pairs assumed for SARIF consumers? (and is that guaranteed by RFC 3896?)

sthagen commented 2 weeks ago

Interesting question, thank you. I added the question and to be discussed labels, as I think the TC should consider this question.
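
An added illustration of the ambiguity raised in the opening comment (not code from the SARIF specification or from any participant in this thread): two hypothetical consumer strategies for locating the end of a link destination, plus a hypothetical producer-side percent-encoding step, run over constructed URIs. All function names and sample values are assumptions made for the example.

```python
import re

# Constructed sample. RFC 3986 lists "(" and ")" among its sub-delims, so this
# URI is valid as written, with the parentheses unescaped.
SAMPLE_URI = "https://example.com/wiki/Buffer_(computing)#history"
SAMPLE_MSG = f"See [the docs]({SAMPLE_URI}) for details."

def dest_first_paren(msg):
    """Hypothetical consumer A: the destination ends at the first ')'."""
    m = re.search(r"\[([^\]]*)\]\(([^)]*)\)", msg)
    return m.group(2) if m else None

def dest_balanced(msg):
    """Hypothetical consumer B: the destination ends at the ')' that
    balances the '(' which opened the link destination."""
    start = msg.find("](")
    if start < 0:
        return None
    begin, depth = start + 2, 1
    for i in range(begin, len(msg)):
        if msg[i] == "(":
            depth += 1
        elif msg[i] == ")":
            depth -= 1
            if depth == 0:
                return msg[begin:i]
    return None  # no closing ')' found: not a well-formed embedded link

def encode_parens(uri):
    """Hypothetical producer-side step: percent-encode parentheses before
    embedding. RFC 3986 section 2.2 does not treat the result as equivalent
    to the original URI, because "(" and ")" are reserved characters."""
    return uri.replace("(", "%28").replace(")", "%29")

def compare(uri):
    """Return what each strategy recovers for one embedded URI."""
    raw = f"[link]({uri}) trailing text"
    enc = f"[link]({encode_parens(uri)}) trailing text"
    return {
        "first_paren": dest_first_paren(raw),
        "balanced": dest_balanced(raw),
        "first_paren_after_encoding": dest_first_paren(enc),
    }

if __name__ == "__main__":
    for uri in (SAMPLE_URI, "https://example.com/a)b"):  # second: unbalanced ')'
        print(uri, compare(uri))
```

Consumer A truncates the destination whenever the URI contains `)`, and consumer B still truncates when the parentheses are unbalanced; only the encoded form survives both, at the cost of changing the URI.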