Marc Weber wrote:
Many web applications are using kind of
xml += "<div>#{xml_content_from_db}</div>";
which of course is unsafe. Which is the urweb way?
Is there a blessXml function ?
Every XML type is represented with strings at the C level, so you can
use the FFI to circumvent the type system in any way you like.
Naturally, I'm not too eager to call that "the Ur/Web way." ;)
More interesting is some HTML parsing code which I just added to the
Meta library (that I announced yesterday). This will let you convert
arbitrary strings into verified HTML, and the library is implemented
entirely within Ur. See the [Html] module and the "testHtml" test.
Which is the urweb way storing xml in a database and including it into a
page?
If you only write into the database from the same Ur/Web application (or
exercise care in writing externally, so that you observe the Ur/Web
types), then simple code like this gets the job done.
table xmly : {Enced : serialized xbody}
fun main' () =
dml (INSERT INTO xmly (Enced) VALUES ({[serialize <xml><b>Whoa!</b>
Yeah!</xml>]}));
x <- oneRowE1 (SELECT (xmly.Enced)
FROM xmly);
return <xml><body>{deserialize x}</body></xml>
fun main () = return <xml><body><form><submit
action={main'}/></form></body></xml>
If we are at it: Does it make sense to encode the encoding of a string
somehow?
Maybe so, but I'm woefully underinformed about encodings. The last time
I looked into this, I think my conclusion was that sticking with UTF-8
could please everybody reasonably well.
_______________________________________________
Ur mailing list
[email protected]
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
