PRODUCTS

DOWNLOAD

BUY

LEARN

SUPPORT

COMPANY

Cart

[XSL-LIST Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: What data needs to be enclosed in CDATA tags? Play the video Subject: Re: What data needs to be enclosed in CDATA tags? From: Gustave Stresen-Reuter <tedmasterweb@xxxxxxx> Date: Wed, 28 Sep 2005 22:13:04 +0100 On Sep 28, 2005, at 9:42 PM, David Carlisle wrote: If I'm storing data that may contain encoded versions of <>&" and ', do I need to store that data in CDATA sections or am I misunderstanding the role of CDATA? I'm not sure what you mean, but don't (try to) use entities _amd_ CDATA. I'm working on a site documentation system that allows users to submit data about the current page. The data _could_ contain such characters and I was debating whether or not to convert them prior to committing them to the XML file. A web developer once told me to always store exactly what the users enter and this was one area where I thought there could be some problems... And this brings up an interesting potential security violation. If these characters weren't escaped, users could do something similar to the javascript cross-site scripting exploit. I don't know exactly what, but I could imagine that they could submit a link to a stylesheet on their own server that returns the contents of the XML file that this data is stored in. Thanks a lot for the clarification on the use of CDATA section. Ted Current Thread What data needs to be enclosed in CDATA tags? Gustave Stresen-Reuter - 28 Sep 2005 17:01:51 -0000 Geert Josten - 28 Sep 2005 19:50:19 -0000 David Carlisle - 28 Sep 2005 20:42:58 -0000 Gustave Stresen-Reuter - 28 Sep 2005 21:13:30 -0000 <= <- Previous Index Next -> Re: What data needs to be enc, David Carlisle Thread [no subject], Unknown Re: What data needs to be enc, David Carlisle Date [no subject], Unknown Month

PURCHASE STYLUS STUDIO ONLINE TODAY! Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE! Accelerate XML development with our award-winning XML IDE - Download a free trial today! Don't miss another message! Subscribe to this list today. Email First Name Last Name Company Subscribe in XML format RSS 2.0 Atom 0.3

Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.