[XSL-LIST Mailing List Archive Home] [By Thread] [By Date]

RE: [xsl] mystery #3: rendering embedded HTML

Subject: RE: [xsl] mystery #3: rendering embedded HTML
From: "Oleg Tkachenko" <olegt@xxxxxxxxxxxxx>
Date: Sat, 13 Apr 2002 13:51:56 +0200


> The last mystery for me for one day ;) -- this one I've heard can be
> done with msxml extensions, but I'd prefer a portable solution:
> Can I restore HTML that has been encoded as CDATA escaped PCDATA?
> Here's a scenario: Users enter free-hand (often broken) HTML into a
> webform textarea edit box. Their text is wrapped in an XML envelope,
> their HTML enclosed by <![CDATA[ ]]> to escape all the <>& chars and
> so the broken markup will parse.
I think it's bad idea to accept any data from users without any kind of input validation, that's poor design and may be dangerous too.
And I don't understand why markup data (user html) have to be represented as character data (CDATA). The better idea is to validate user input and fix up any errors at input stage and to well form that html by some html validator, take a look at HTML Tidy (tidy.sf.net) for example.

Oleg Tkachenko,
Multiconn International, Israel 

 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list

Current Thread