Re: Re: How can I insert 'raw' (X|XHT|HT)ML into my DOM?

> On Thursday 16 January 2003 19:18, dcorbin@xxxxxxxxxxxxxx wrote:
>> > Something I have done before is to have another auxilary Document
>> > that has the document fragment, or fragments that I want to insert
>> > into my main DOM. When creating the main Document, I insert
>> > fragments from the other DOM. This allows you the possibility of
>> > having many variations in the dynamic data.   The auxilary Document
>> > may have many "<div>" elements or other block elements.  You can
>> > pick and choose which one(s) you need to insert into the master
>> > document.
>> >
>> > This may or may not apply to your situation. If the markup comes
>> > from an external source, then this may not work for you.
>>
>> I do this too. It's definately a great XMLC pattern. "Someone" needs
>> to write up all the good Xmlc Patterns....   But, it doesn't help in
>> this situation.  What I'm doing is very wiki-like.  I've got a big
>> string of text, that is being converted into (X)HTML.  It's not that I
>> can't build a DOM by parsing this text bit-by-bit.  It's jut that's a
>> real pain to do so, where as doing a lot of regularExpression
>> substitution looks very simple.
>
> Hmmm. I'd probably go the clean and safe way and build a DOM out of it
> -  especially if you don't want to be locked into (X)HTML for output
> but want to  produce different output formats as well (say, WML or
> cHTML for wireless, or  DocBook for printing). After all, if your
> snippets already are in XHTML  format, you can simply run them through
> a standard XML parser - no need to  write your own.
>
Well, the snippets are XHTML *fragments*, not valid documents.  I don't
know what the parsing implications of that are.
> Another consideration (especially if this is really a Wiki-Type
> application,  i.e. it's accessible to the public) is protection against
> "Web Bugs" (e.g.  malicious JavaScripts) inserted by users - it's quite
> difficult to check for  all possibilities using regexps, but it's easy
> to strip down the XHTML DTD to  a safe, reduced subset (e.g, only <b>,
> <i>, <p>, <ul>, <ol> and <li> allowed)  and validate your snippets
> against that if you're using a DOM parser.

It's semi-public, but I don't allow HTML in the user-input (in part for
the reasons you sited) - it will all be "specialized formatting stuff".
>
> --
> Richard Kunze
>
> [ t]ivano Software, Bahnhofstr. 18, 63263 Neu-Isenburg
> Tel.: +49 6102 80 99 07 - 0, Fax.: +49 6102 80 99 07 - 1
> http://www.tivano.de, kunze@xxxxxxxxx
>
>
> _______________________________________________
> XMLC mailing list
> XMLC@xxxxxxxxxxx
> http://www.enhydra.org/mailman/listinfo.cgi/xmlc