Hi, On 8/7/07, Gertjan van Oosten <[EMAIL PROTECTED]> wrote: > In fact, it could even be harmful; what if some aspect of your feature, > say the name, contains specially crafted HTML tags? Your application > might break. You should never unescape input that's user-provided. > Too bad the nightly examples are currently down, otherwise I would show > it in the wfs-t demo.
What exactly do you want to show? > > > Note that just returning > > > the serializedDoc also will not produce the expected result. > > > > Why not? It is correct XML, and should be output as such. Sure, but GeoRSS feeds often encode escaped HTML into XML tags. > Let me stress this, because I think it's important: the current paint() > method in WidgetBaseXSL calls transformNodeToString(), which means all > widgets potentially suffer from this bug. There should be no need to > unescape the serializedDoc, since the XML it contains is already valid. > If it for some reason contains escaped characters that you need to > unescape (although I still don't see a clear case for this), do it where > you need them unescaped, not in the basic widget transform. This is why I only did it in TipWidgetOL, and not in WidgetBaseXSL.js. Regards, Andreas. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ mapbuilder-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/mapbuilder-devel
