Re: [xml-dev] Error and Fatal Error

[Peter Flynn <peter@silmaril.ie>]

On 17/07/11 20:30, Stephen D Green wrote:
>
> On 17 July 2011 19:34, Chris Burdess <dog@bluezoo.org
> <mailto:dog@bluezoo.org>> wrote:
>
>     So you're creating not-well-formed XML yourself and then complaining
>     that XML parsers don't process it?
>
>     It's a little hard to have sympathy with your viewpoint in that
>     case. Why don't you just create well-formed XML instead?
>
>
> because the XML content includes data input into textbox controls, etc
> in a webpage and we do not want to prevent users�inputing '<' and '&'

No more should you, but your process must trap them and convert them to 
something harmless.

This is the same as you would do for any application: I trap the 
backslash and other characters for input destined for LaTeX; and I trap 
the semicolon and other characters for input destined for MySQL. This is 
standard procedure, and I am not clear what your problem with it is.

Presumably when your users type < they want a less-than to appear in the 
resulting output, and when they type & they want an ampersand. You 
cannot expect them to know that you are running XML behind the scenes, 
so you must act as a shield to keep them in ignorance of this. The 
alternatives are either to train them to understand, or to use a proper 
embedded-XML edit-window interface as I suggested earlier.

///Peter