[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to render raw data using sxml?

From: tomas
Subject: Re: How to render raw data using sxml?
Date: Wed, 13 Jul 2016 11:57:46 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

Hash: SHA1

On Tue, Jul 12, 2016 at 10:23:20PM +0200, Jakub Jankiewicz wrote:


> I've commented out (#\" . "quot") in alist->hash-table and it work. thanks
> for your help.

I wised up a bit, to get an idea on how it's supposed to work (if there's
such a thing on the Internet ;-) and found out:

 - in XHTML, the content of the script tag is parsed character data
   (#PCDATA). This means that entities (" and so on) *will be
   parsed and substituted*. Not so for HTML: there it's raw character
   data (#CDATA), and no entity substitution is supposed to happen [1]

   So your approach goes in the right direction. When outputting
   HTML, no substitution is supposed to be done (no " and no
   < and so on).

 - But how you keep your thing from tripping over some nasty
   </script> deeply embedded in the javascript text, then?
   The very readable [2] suggests: don't do it, then. That
   means: munge the javascript until it doesn't contain that
   nastygram. E.g.

   var nasty="</script\>";

   Whee. Looks kinda cool, somehow. (that means you can only
   automate this task if you manage to kinda half-parse the
   provided javascript thing, right? But perhaps one can prove
   that "</" isn't a valid sequence in javascript outside a
   string literal?). 

Hope you enjoyed that ;-)


- -- tomás
Version: GnuPG v1.4.12 (GNU/Linux)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]