Loading ...
Sorry, an error occurred while loading the content.

1592Re: [syndication] HTML Encoding BooHoo...

Expand Messages
  • Mark Nottingham
    May 23 10:40 AM
    • 0 Attachment
      On Wed, May 23, 2001 at 12:57:37PM -0400, Morbus Iff wrote:
      > ** I eventually tracked the culprit to nothing in my code, but rather the
      > XML::Simple perl module, which seems to magick <XML> into <XML> all
      > by itself. I'm still investigating, but seeing the file encoded, and then
      > loading it through XML::Simple and Data::Dump[ing] it shows that it's
      > autoconverted. Why, I'm not sure...

      It does that because that's what it's supposed to do; XML processors
      must resolve entities automagically. If they want "<XML>" to be
      rendered by the final browser, it should be encoded in the RSS feed
      as:

      &lt;XML&gt;
      so that it will come out of the XML parser as:
      <XML>
      which will be rendered by the HTML parser as:
      <XML>

      Practically, the best thing to do is probably scan and allow a
      pre-determined subset of HTML, and entity-encode everything else (as
      is suggested by Dan).

      Cheers,



      --
      Mark Nottingham
      http://www.mnot.net/
    • Show all 7 messages in this topic