By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,345 Members | 1,758 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,345 IT Pros & Developers. It's quick & easy.

XML DOM: XML/XHTML inside a text node

P: n/a
In my program, I get input from the user and insert it into an XHTML
document. Sometimes, this input will contain XHTML, but since I'm
inserting it as a text node, xml.dom.minidom escapes the angle brackets
('<' becomes '&lt;', '>' becomes '&gt;'). I want to be able to
override this behavior cleanly. I know I could pipe the input through
a SAX parser and create nodes to insert into the tree, but that seems
kind of messy. Is there a better way?

Thanks.

Nov 3 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
On Thu, 2 Nov 2005 no****@gmail.com wrote:
In my program, I get input from the user and insert it into an XHTML
document. Sometimes, this input will contain XHTML, but since I'm
inserting it as a text node, xml.dom.minidom escapes the angle brackets
('<' becomes '&lt;', '>' becomes '&gt;'). I want to be able to
override this behavior cleanly. I know I could pipe the input through
a SAX parser and create nodes to insert into the tree, but that seems
kind of messy. Is there a better way?
What about parsing the input into XML first? Is there any point in including
unescaped code into XML document unless it is XML itself?

Thanks.


Sincerely yours, Roman Suzi
--
rn*@onego.ru =\= My AI powered by GNU/Linux RedHat 7.3
Nov 3 '05 #2

P: n/a
Roman Suzi wrote:

On Thu, 2 Nov 2005 noa...@gmail.com wrote:
Is there a better way?


What about parsing the input into XML first? Is there any point in including
unescaped code into XML document unless it is XML itself?


Indeed. My approach would be to parse the user's input using the
parseString function, to get the "root element" of this newly parsed
document, and then to import that element into the existing document
using importNode. The imported document information could then be
inserted into the existing document at a suitable place. For example:

user_doc = xml.dom.minidom.parseString(user_input)
# NOTE: Check for element or use XPath here...
user_doc_root = user_doc.childNodes[0]
imported_root = existing_doc.importNode(user_doc_root, 1)
existing_doc_location.appendChild(imported_root)

Paul

Nov 3 '05 #3

P: n/a
no****@gmail.com wrote:
In my program, I get input from the user and insert it into an XHTML
document. Sometimes, this input will contain XHTML, but since I'm
inserting it as a text node, xml.dom.minidom escapes the angle brackets
('<' becomes '&lt;', '>' becomes '&gt;'). I want to be able to
override this behavior cleanly. I know I could pipe the input through
a SAX parser and create nodes to insert into the tree, but that seems
kind of messy. Is there a better way?


You could try version 2.13 of XIST (http://www.livinglogic.de/Python/xist)

Code looks like this:

from ll.xist.ns import html, specials

text = "Number 1 ... the <b>larch</b>"

e = html.div(
html.h1("And now for something completely different"),
html.p(specials.literal(text))
)
print e.asBytes()
This prints:
<div><h1>And now for something completely different</h1><p>Number 1 ...
the <b>larch</b></p></div>

I hope this is what you need.

Bye,
Walter Dörwald
Nov 4 '05 #4

P: n/a
"""
In my program, I get input from the user and insert it into an XHTML
document. Sometimes, this input will contain XHTML, but since I'm
inserting it as a text node, xml.dom.minidom escapes the angle brackets
('<' becomes '&lt;', '>' becomes '&gt;'). I want to be able to
override this behavior cleanly. I know I could pipe the input through
a SAX parser and create nodes to insert into the tree, but that seems
kind of messy. Is there a better way?
"""

Amara 1.1.6 supports inserting an XML fragment into a document or
element object. Many short examples here:

http://copia.ogbuji.net/blog/2005-09-21/Dare_s_XLI

excerpt:

Adding a <phone> element as a child of the <contact> element'

contacts.xml_append_fragment('<phone>%s</phone>'%'206-555-0168'

http://uche.ogbuji.net/tech/4suite/amara

--
Uche Ogbuji Fourthought, Inc.
http://uche.ogbuji.net http://fourthought.com
http://copia.ogbuji.net http://4Suite.org
Articles: http://uche.ogbuji.net/tech/publications/

Nov 4 '05 #5

P: n/a
[no****@gmail.com]
In my program, I get input from the user and insert it into an XHTML
document. Sometimes, this input will contain XHTML, but since I'm
inserting it as a text node, xml.dom.minidom escapes the angle brackets
('<' becomes '&lt;', '>' becomes '&gt;'). I want to be able to
override this behavior cleanly.


Why?

You need to make a decision on how the contained xhtml is treated after
it has been inserted into the document.

1. If it is simply textual payload, then it should be perfectly
acceptable to escape those characters. Or you could include it as a
CDATA section.

2. If it needs to become a structural part of the xml document, i.e. the
elements are structurally incorporated into the document, then you need
to transform it into nodes somehow, e.g. by parsing it with sax, etc.
Although it would probably be easier to parse it into a separate DOM and
import the generated root node into your document.

Is this xhtml coming from a trusted source? Or are you accepting it from
strangers, over the internet? If the latter, there are security concerns
relating to XSS attacks that you need to be aware of.

See the following archive post for how to clean up untrusted (x)html.

http://groups.google.com/group/comp....b6510990a25f9a

HTH,

--
alan kennedy
------------------------------------------------------
email alan: http://xhaus.com/contact/alan
Nov 4 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.