
> There exists a shared protocol. It's called "explain it". But that's typically not even needed, the user can just look at the data and figure it out.

This is the root cause of 99% of all parse errors and security holes in the world.

If you just "look" at the output of ls in some arbitrary directory there is nothing there telling you that a file name can contain a newline that will mess up the output. Write your parser with this assumption and it's broken. (See OP)

If I had a penny for every csv-"parser" I've seen that is just data=input.split(','); I would be a rich man now. Because the developer when looking at their data had no comma in any cell. Doesn't mean the customer doesn't have it.
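The split(',') failure described in the comment above, as an added example that is not part of the original thread: the same constructed input is parsed by splitting on commas and by Python's csv module, and the results are compared. SAMPLE and all function names are made up for this illustration.

```python
import csv
import io

# Constructed sample: three records in RFC 4180 quoting. Record 2 has a comma
# inside a quoted cell, record 3 has an escaped quote and an embedded newline.
SAMPLE = (
    'name,role,note\r\n'
    'alice,admin,ok\r\n'
    '"Smith, John",user,ok\r\n'
    'bob,user,"said ""hi""\nthen left"\r\n'
)

def naive_parse(text):
    """The parser from the comment: split lines, then split on commas."""
    return [line.split(',') for line in text.splitlines() if line]

def quoted_parse(text):
    """Parse with the csv module, which handles quoted commas, doubled
    quotes and newlines inside quoted cells."""
    # newline='' keeps embedded line breaks intact for csv.reader
    return list(csv.reader(io.StringIO(text, newline='')))

def column_of(rows, header, record_index):
    """Return the value found in the named column for one record."""
    col = rows[0].index(header)
    return rows[record_index][col]

def shape_report(rows):
    """List (row number, cell count) for rows that do not match the header width."""
    width = len(rows[0])
    return [(i, len(r)) for i, r in enumerate(rows) if len(r) != width]

if __name__ == '__main__':
    naive, good = naive_parse(SAMPLE), quoted_parse(SAMPLE)
    # The naive parser invents a fifth row and shifts the columns of record 2,
    # so the "role" column ends up holding part of the customer's name.
    print('naive rows:', len(naive), 'bad shapes:', shape_report(naive))
    print('csv rows  :', len(good), 'bad shapes:', shape_report(good))
    print('role of record 2, naive:', repr(column_of(naive, 'role', 2)))
    print('role of record 2, csv  :', repr(column_of(good, 'role', 2)))
```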



I'm pretty sure most security errors come from implementations of complex binary formats. (Okay, there is the web world and I hear people still haven't learnt to escape their SQL queries).

ls is only for human consumption. I said this elsewhere in this thread.

CSV is utterly broken (at least it was RFC'ed at some point, but the escaping rules are still shit. We have known for decades how to do it better).



