This is the mail archive of the xsl-list@mulberrytech.com mailing list .


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: mystery #3: rendering embedded HTML


Hello!

> The last mystery for me for one day ;) -- this one I've heard can be
> done with msxml extensions, but I'd prefer a portable solution:
> 
> Can I restore HTML that has been encoded as CDATA escaped PCDATA?
> 
> Here's a scenario: Users enter free-hand (often broken) HTML into a
> webform textarea edit box. Their text is wrapped in an XML envelope,
> their HTML enclosed by <![CDATA[ ]]> to escape all the <>& chars and
> so the broken markup will parse.
I think it's bad idea to accept any data from users without any kind of input validation, that's poor design and may be dangerous too.
And I don't understand why markup data (user html) have to be represented as character data (CDATA). The better idea is to validate user input and fix up any errors at input stage and to well form that html by some html validator, take a look at HTML Tidy (tidy.sf.net) for example.

---
Oleg Tkachenko,
Multiconn International, Israel 


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]