Derek Gulbranson
2006-Jan-06 00:26 UTC
[Rails] Problems passing un-sanitized XML to client
I'm trying to store an xsl stylesheet in the database and return it to the client, but at some point in the process all the angle brackets, etc. are parsed out of the xml, so I get &lt;defaults&gt; instead of <defaults>. Anyone have any pointers how I would go about turning off that behavior?

-Derek

Derek Gulbranson wrote:
> I'm trying to store an xsl stylesheet in the database and return it to
> the client, but at some point in the process all the angle brackets,
> etc. are parsed out of the xml, so I get &lt;defaults&gt; instead of
> <defaults>. Anyone have any pointers how I would go about turning off
> that behavior?

Assuming it's just being piped down to the browser, check you've not got anything like:

<%=h @xsl %>

in your views. The 'h' is short for 'html_escape'.

Other than that, we'll need to know more about the path the xsl takes between the database and the client.

--
Alex
Derek Gulbranson
2006-Jan-07 19:14 UTC
[Rails] Re: Problems w/SOAP and passing un-sanitized XML strings to client
So I installed the Arachno Ruby IDE and was able to track down a bit of what's happening. The string seems to get encoded somewhere in the ActionWebServices::Protocol::Soap::SOAPMarshaler process, although the Arachno Ruby IDE interface doesn't allow me to inspect the full value of variables, only the first little bit that shows up in the side panel, so I inspect the full string and to see exactly where it's happening. Definitely happening somewhere within the soap libraries. I guess since it gets a string, it sanitizes it.

I tried passing a REXML object instead of a string but same result. Maybe I should create some sort of SOAP object out of the string? But what kind? I have only a basic concept of what SOAP is and the SOAP libraries are fairly over my head, so any suggestions would be appreciated.

But basically I believe that the :string type will not work for passing XML or HTML via the SOAP protocol with ActionWebServices, as strings always get sanitized by the SOAP libraries.

-Derek

On Jan 5, 2006, at 4:25 PM, Derek Gulbranson wrote:
> I'm trying to store an xsl stylesheet in the database and return it
> to the client, but at some point in the process all the angle
> brackets, etc. are parsed out of the xml, so I get &lt;defaults&gt;
> instead of <defaults>. Anyone have any pointers how I would go
> about turning off that behavior?
>
> -Derek
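
An added example, not part of the thread and not ActionWebService's own code: it shows what entity-escaping of a string inside an XML element looks like on the wire, that an XML parser on the receiving side returns the original markup, and that an extra html_escape pass (the 'h' helper mentioned above) before serialization does not round-trip. REXML stands in for the SOAP marshaller here as an assumption; the helper names and the sample stylesheet are constructed for illustration.

```ruby
require 'erb'
require 'rexml/document'

# Constructed sample payload (not from the thread): a small, well-formed stylesheet.
XSL = '<xsl:stylesheet version="1.0" ' \
      'xmlns:xsl="http://www.w3.org/1999/XSL/Transform">' \
      '<defaults mode="a&amp;b"/></xsl:stylesheet>'.freeze

# Hypothetical helper: carry a string as the text of a <return> element,
# the way an XML serializer transports a plain string value.
def marshal_string(value)
  doc = REXML::Document.new
  doc.add_element('Body').add_element('return').text = value
  doc.to_s
end

# Hypothetical helper: what a parsing client hands back to the application.
def unmarshal_string(wire)
  REXML::Document.new(wire).root.elements['return'].text
end

# Same function the view helper 'h' is short for.
def h(value)
  ERB::Util.html_escape(value)
end

# Serialize, parse back, and report whether the payload survived intact.
def round_trip(value)
  wire = marshal_string(value)
  received = unmarshal_string(wire)
  { wire: wire, received: received, intact: received == XSL }
end

once  = round_trip(XSL)      # escaped once by the serializer
twice = round_trip(h(XSL))   # escaped by 'h' first, then by the serializer

puts "on the wire:    #{once[:wire]}"
puts "client sees:    #{once[:received]}"
puts "intact?         #{once[:intact]}"
puts "after h + wire: #{twice[:received]}"
puts "intact?         #{twice[:intact]}"
```

Escaped brackets in a raw capture of the response are the transport encoding; escaped brackets in the value the client's parser returns point to a second escaping pass somewhere before serialization.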