OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Re: [xml-dev] Error and Fatal Error

On 17/07/11 20:30, Stephen D Green wrote:
> On 17 July 2011 19:34, Chris Burdess <dog@bluezoo.org
> <mailto:dog@bluezoo.org>> wrote:
>     So you're creating not-well-formed XML yourself and then complaining
>     that XML parsers don't process it?
>     It's a little hard to have sympathy with your viewpoint in that
>     case. Why don't you just create well-formed XML instead?
> because the XML content includes data input into textbox controls, etc
> in a webpage and we do not want to prevent users�inputing '<' and '&'

No more should you, but your process must trap them and convert them to 
something harmless.

This is the same as you would do for any application: I trap the 
backslash and other characters for input destined for LaTeX; and I trap 
the semicolon and other characters for input destined for MySQL. This is 
standard procedure, and I am not clear what your problem with it is.

Presumably when your users type < they want a less-than to appear in the 
resulting output, and when they type & they want an ampersand. You 
cannot expect them to know that you are running XML behind the scenes, 
so you must act as a shield to keep them in ignorance of this. The 
alternatives are either to train them to understand, or to use a proper 
embedded-XML edit-window interface as I suggested earlier.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS