guile-user
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to render raw data using sxml?

From: tomas
Subject: Re: How to render raw data using sxml?
Date: Wed, 13 Jul 2016 11:57:46 +0200
User-agent: Mutt/1.5.21 (2010-09-15) 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Jul 12, 2016 at 10:23:20PM +0200, Jakub Jankiewicz wrote:

[...]

> I've commented out (#\" . "quot") in alist->hash-table and it work. thanks
> for your help.

I wised up a bit, to get an idea on how it's supposed to work (if there's
such a thing on the Internet ;-) and found out:

 - in XHTML, the content of the script tag is parsed character data
   (#PCDATA). This means that entities (" and so on) *will be
   parsed and substituted*. Not so for HTML: there it's raw character
   data (#CDATA), and no entity substitution is supposed to happen [1]

   So your approach goes in the right direction. When outputting
   HTML, no substitution is supposed to be done (no " and no
   < and so on).

 - But how you keep your thing from tripping over some nasty
   </script> deeply embedded in the javascript text, then?
   The very readable [2] suggests: don't do it, then. That
   means: munge the javascript until it doesn't contain that
   nastygram. E.g.

   var nasty="</script\>";

   Whee. Looks kinda cool, somehow. (that means you can only
   automate this task if you manage to kinda half-parse the
   provided javascript thing, right? But perhaps one can prove
   that "</" isn't a valid sequence in javascript outside a
   string literal?). 

Hope you enjoyed that ;-)

[1] http://www.w3schools.com/tags/tag_script.asp
[2] http://jibbering.com/faq/faq_notes/script_tags.html

- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAleGEJkACgkQBcgs9XrR2kZxlgCfR+ypMDs0oAeT/G5NbGnqw0Ib
2Y0An3Ll/SbA8QH7V88u965pXVj9Ovfu
=2Ow0
-----END PGP SIGNATURE-----
reply via email to
[Prev in Thread] Current Thread [Next in Thread]