xmlExec - sanitized output

xmlExec - sanitized output

youngwax
This post was updated on .
This is probably a noob question.  I am using jquery, with the form plugin to submit information, and the xmlExec plugin to handle responses.  As far as I can tell, the form plugin works, and the xmlExec receives and deals with an xml file.  It all seems to work, but what gets displayed on my screen has been sanitized - amper-less-than-semicolon and amper-greater-than-semicolon instead of <>.  I see what looks like source html displayed, instead of properly-displayed markup.  It's not useful, and I can't track down where it gets converted.  It looks like source html in both firefox and ie.  jquery commands are displayed properly.  Again, as far as I can tell, the xml (example shown below) arrives intact, and is processed by xmlExec.


------------------------------------------------------------------------------------------------------------
EDIT

My mistake was in the xml file.  I put extra <brackets> around the content.  Inside  <append select='#target'></append>, there should be only the intended content.
------------------------------------------------------------------------------------------------------------

------------------------------------------------------------------------------------------------------------
I have tried to pare down a source html file to the minimum.  An xml file follows. btw, I am new to these forums.  Is it good form to quote huge source files when replying?
------------------------------------------------------------------------------------------------------------

<html>
<head>
<script type="text/javascript" src="plugins/system/cork/jquery/jquery.js"></script>
<script type="text/javascript" src="plugins/system/cork/jquery/form.js"></script>
<script type="text/javascript" src="plugins/system/cork/jquery/xmlExec-1.0.3.js"></script>
<script>
$(document).ready(function() {
        var options = {
                before:   showRequest,  // pre-submit callback
                after:    function(responseXML, responseText) {
                        $.xmlExec(responseXML);
                }, // post-submit callback
                dataType: 'xml'
        };

        // bind form1 using 'ajaxForm'
        $('#myform').ajaxForm(options);

        // wire the 'Loading...' ajax indicator
        $('<div id="busy">Loading...</div>')
                .ajaxStart(function() {$(this).show();})
                .ajaxStop(function() {$(this).hide();})
                .prependTo('#oops');
        $('#busy').hide();

        // pre-submit callback
        function showRequest(formData, jqForm) {
                $('#output').html("Preparing to submit...");

                // formData is an array; use $.param to convert it to a string to display it
                // (form plugin does this automatically when it submits the data)
                // alert('About to submit: \n\n' + $.param(formData));

                return true; // here we could return false to prevent the form from being submitted
        }
})
</script>
</head>
<body>
<div id="content">here is a content div
        <br>
        <form id="myform" name="myform" action="cork1.xml" method="post">
                <input type="text" id="name" name="name"
                value="asdf"> 
                <input type="submit"><br>
        </form>
        <br>
        </div>
        <div id="oops">was the oops div</div>
</body>
</html>

-------------------------------------------------------------------------------------
an xml example:

<root>
        <append select="#content">
<![CDATA[
        <pre>here is stuff with
        carriage
        returns
        </pre>
        ]]>
</append>
        <append select="#oops">
<![CDATA[here is stuff with breaks<br>kilroy <br> was <br> here]]>
</append>
        <eval>alert('hi mom');</eval>
</root>

Re: xmlExec - sanitized output

Blair McKenzie-2
Have you tried removing the CDATA bits from the XML?

Blair

On 12/20/06, youngwax <[hidden email]> wrote:

_______________________________________________
jQuery mailing list
[hidden email]
http://jquery.com/discuss/

Re: xmlExec - sanitized output

Ⓙⓐⓚⓔ
In reply to this post by youngwax
It's supposed to be that way! If you slip that &lt; stuff into your page it should appear as <!

Since the xml is correct xml and you are concerned about things like the carriage returns, you have properly encoded them.

Since there is no DTD or schema for the xml you can also write it all without CDATA, and get the xml as it is parsed (with the returns in it, but under a pre node).


On 12/19/06, youngwax <[hidden email]> wrote:

--
Ⓙⓐⓚⓔ - יעקב   ʝǡǩȩ   ᎫᎪᏦᎬ

Re: xmlExec - sanitized output

malsup
In reply to this post by youngwax
Hi youngwax,

Like Blair said, you don't need the CDATA if you're sending back valid
XHTML.  That said, <br> is not valid XHTML.  Switch that to <br /> and
try it w/o the CDATA.  Also, it's great form to post a link to a
sample page if at all possible!

Mike
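
How an XML parser sees the forms discussed in the replies above, as an added example that is not part of the original posts: CDATA content arrives as character data (so a consumer that inserts it as text shows escaped markup), well-formed markup without CDATA arrives as child elements, and an unclosed `<br>` outside CDATA is rejected. The sample documents are constructed, and the code uses Python's standard `xml.dom.minidom`, not the browser's parser or xmlExec itself.

```python
import html
from xml.dom import minidom
from xml.parsers.expat import ExpatError

# Constructed responses modelled on the <append> example in this thread.
WITH_CDATA = '<root><append select="#oops"><![CDATA[kilroy <br> was here]]></append></root>'
WITHOUT_CDATA = '<root><append select="#oops">kilroy <br /> was here</append></root>'
UNCLOSED_BR = '<root><append select="#oops">kilroy <br> was here</append></root>'


def is_well_formed(xml_text):
    """True if the document parses as XML at all."""
    try:
        minidom.parseString(xml_text)
        return True
    except ExpatError:
        return False


def describe_appends(xml_text):
    """For each <append>: (selector, child node kinds, character data escaped for a text context)."""
    doc = minidom.parseString(xml_text)
    results = []
    for append in doc.getElementsByTagName("append"):
        kinds, text = [], ""
        for child in append.childNodes:
            if child.nodeType == child.CDATA_SECTION_NODE:
                kinds.append("cdata")          # markup inside is just characters
                text += child.data
            elif child.nodeType == child.TEXT_NODE:
                kinds.append("text")
                text += child.data
            elif child.nodeType == child.ELEMENT_NODE:
                kinds.append("element:" + child.tagName)  # real markup node
        # What a consumer displays if it inserts the character data as text, not HTML.
        results.append((append.getAttribute("select"), kinds, html.escape(text)))
    return results


if __name__ == "__main__":
    for name, sample in [("with CDATA", WITH_CDATA), ("without CDATA", WITHOUT_CDATA)]:
        print(name, describe_appends(sample))
    print("unclosed <br> well-formed?", is_well_formed(UNCLOSED_BR))
```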


Re: xmlExec - sanitized output

youngwax
hey, I am thrilled to get several replies so quickly.  

The xml file contains greater-signs and less-signs.  I had hoped to add markup to my page.  It works if I add markup and content with jquery, but with xmlExec, it gets sanitized - I can only add plain content.  It seems fairly limiting, like something is not right.

I will try correcting the CDATA and <br>.  I put in CDATA to prevent firefox errors when I was looking at the raw xml file to see if it still had less-signs.

Thanks for the input.


Re: xmlExec - sanitized output

youngwax
I seem to get the same appearance with all combinations of br, br /, [CDATA], or not [CDATA].  I still don't get functional markup.

Thanks

Re: xmlExec - sanitized output

malsup
> I seem to get the same appearance with all combinations of br, br /, [CDATA],
> or not [CDATA].  I still don't get functional markup.

Can you post a sample page somewhere?  That would help us track it down.


Re: xmlExec - sanitized output

youngwax
I was enclosing content in less-than and greater-than.  Inside <append select='#here'>stuff</append>, I don't need more brackets, like <append select='#here'><bad brackets></append>.  Thanks for your help.  Now, I can move forward to the next simple obstacle.