Solved

Processing XML

Posted on 2013-11-13
Last Modified: 2013-11-22
I'm trying to create a string (from data inside an XML file) on the server then send it back to the client where it can be rendered using JavaScript.  Can anyone provide me a list of characters that cannot be embedded within a string?

Is there a way to filter out these characters?

I believe there are some characters that cannot be processed due to security issues.  I just don't know which ones.

This appears to only happen when an element within the XML file contains

!DOCTYPE html PUBLIC
Question by:Ray Turner
21 Comments
 
LVL 30

Expert Comment

by:Alexandre Simões
ID: 39647492
First thing is that if you're building data on the server to be processed in the client by javascript it should be in JSON, not XML...
1. It's much easier to manipulate
2. It's way less data on the wire

This said, and concerning the special chars, it really depends on what you're doing with that data. If it's a string it can be whatever. Just be careful with the markup you generate.
0
 
LVL 43

Expert Comment

by:Rob
ID: 39647594
Just to add that you can URL encode the string on the server and send that to the browser.  I prefer to use htmlentities if you're using PHP as it will send the special characters as html codes: http://php.net/manual/en/function.htmlentities.php

see here for a simple example:
http://jsbin.com/iJisUtin/2/edit

window.onload = function() {
  document.body.innerHTML = '<!DOCTYPE html PUBLIC>';
 
};
0
 
LVL 28

Expert Comment

by:sybe
ID: 39647709
The question is unclear to me.

There is no list of characters that can not be embedded in a string.
If you mean to ask about invalid characters in an XML document, yes there are.
But you do not have to worry about it if you build XML using an XML object instead of building a string which you hope to be valid XML.
0
 

Author Comment

by:Ray Turner
ID: 39648108
So WriteXml takes care of the invalid characters?
0
 

Author Comment

by:Ray Turner
ID: 39648264
Here's exactly what I'm trying to do:
1. Store data in XML
2. Query the data using LINQ
3. The results are sent back to the client
4. Data is then rendered using JavaScript setting innerHTML

document.getElementById('data').innerHTML  = [Value Returned];

This does not work when the data returned contains DOCTYPE.  That's why I wonder if some character(s) could be the cause of this behavior.

Any ideas???
0
 

Author Comment

by:Ray Turner
ID: 39648858
Here's the block of XML data I can't read.

<?xml version="1.0" standalone="yes"?>
<NewDataSet>
  <xs:schema id="NewDataSet" xmlns="" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
    <xs:element name="NewDataSet" msdata:IsDataSet="true" msdata:UseCurrentLocale="true">
      <xs:complexType>
        <xs:choice minOccurs="0" maxOccurs="unbounded">
          <xs:element name="Services">
            <xs:complexType>
              <xs:sequence>
                <xs:element name="ID" type="xs:int" minOccurs="0" />
                <xs:element name="Title" type="xs:string" minOccurs="0" />
                <xs:element name="Description" type="xs:string" minOccurs="0" />
                <xs:element name="Inactive" type="xs:boolean" minOccurs="0" />
                <xs:element name="DisplayOrder" type="xs:int" minOccurs="0" />
              </xs:sequence>
            </xs:complexType>
          </xs:element>
        </xs:choice>
      </xs:complexType>
    </xs:element>
  </xs:schema>
  <Services>
    <ID>5</ID>
    <Title>Provide information on interviewing</Title>
    <Description>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;
&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;
      &lt;head&gt;
            &lt;meta http-equiv="Con</Description>
    <Inactive>false</Inactive>
    <DisplayOrder>4</DisplayOrder>
  </Services>
  <Services>
    <ID>6</ID>
    <Title>Conduct training sessions, workshops or seminars</Title>
    <Description />
    <Inactive>false</Inactive>
    <DisplayOrder>5</DisplayOrder>
  </Services>
</NewDataSet>
0
 
LVL 43

Expert Comment

by:Rob
ID: 39649319
What's your JavaScript code? Can you post what you've got so far? The data in the XML looks fine and it's URL encoded with HTML entities already, so I can't see an obvious issue without seeing your JavaScript code.
0
 

Author Comment

by:Ray Turner
ID: 39649408
This is JQuery.

            var myResults = e.result.split('|');

            $("#BulletPoints").hide('fast');

            $('#BulletPoints').html(myResults[0]);

            $("#BulletPoints").fadeIn(800);
0
 
LVL 43

Expert Comment

by:Rob
ID: 39649433
ok thanks for that (fyi jquery is javascript).

What is in the result that you are wanting to split?

Can you please put console.log(result); before that line and post what that returns in the console (press F12 and click on the console tab).  I suspect that the string isn't always a pipe (|) separated file?
0
 

Author Comment

by:Ray Turner
ID: 39649532
Here's the string it is returning:

"<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">" & vbLf & "<html xmlns="http://www.w3.org/1999/xhtml">" & vbLf & "      <head>" & vbLf & "            <meta http-equiv="Con"

It never makes it to the JavaScript.
0
 
LVL 43

Expert Comment

by:Rob
ID: 39649579
When you say it never makes it to the javascript how do you know that is the string it is returning?  Was that the output to the "console.log"?
0
 
LVL 43

Expert Comment

by:Rob
ID: 39649591
the test above should be console.log(e.result); - my mistake.

Can you post the link your jquery is using to get the data?  I can then set up a test online to show you how to get the data into your webpage.
0
 

Author Comment

by:Ray Turner
ID: 39650040
A callback for JavaScript executes the following code on the server

     Dim doc = XDocument.Load(MapPath(Application("AppData") + "Services.xml"))
         Dim query = From Services In doc...<Services> _
                           Where Services.<ID>.Value = CInt(e.Parameter) _
                                 Select Services.<ID>.Value, _
                                 Services.<Description>.Value

This LINQ query returns the following string
"<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">" & vbLf & "<html xmlns="http://www.w3.org/1999/xhtml">" & vbLf & "      <head>" & vbLf & "            <meta http-equiv="Con"

Any query that does not return a string of this type works.
0
 
LVL 43

Expert Comment

by:Rob
ID: 39650076
OK, if that's the case, what are you wanting to do with that string? What of it do you want to show?  JavaScript can parse the XML, giving you access to a DOM object that you can traverse to get the individual elements' values from the XML.
0
 
LVL 43

Expert Comment

by:Rob
ID: 39650142
As I see it the hardest part is knowing what is going to be returned to the javascript.  Please do some tests with the console.log(e.result) and post what you get.
0
 

Author Comment

by:Ray Turner
ID: 39650405
I may have found the problem.

I modified the JavaScript to the following.  And it works!  I just need to remove the '& vbLf &'

I'll let you know what I find.

            var myResults = e.result.split('|');

            $("#BulletPoints").hide('fast');

            var test = '"<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">" & vbLf & "<html xmlns="http://www.w3.org/1999/xhtml">" & vbLf & "      <head>" & vbLf & "            <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>" & vbLf & "            </title>" & vbLf & "            <style type="text/css">" & vbLf & "                  .cs37063928{text-align:left;margin:0pt 0pt 0pt 0pt;list-style-type:disc;color:#000000;background-color:transparent;font-family:Arial;font-size:12pt;font-weight:normal;font-style:normal}" & vbLf & "                  .csE8AC24F0{color:#000000;background-color:transparent;font-family:Arial;font-size:12pt;font-weight:normal;font-style:normal;}" & vbLf & "                  .cs2654AE3A{text-align:left;text-indent:0pt;margin:0pt 0pt 0pt 0pt}" & vbLf & "                  .cs63EB74B2{color:#000000;background-color:transparent;font-family:Times New Roman;font-size:12pt;font-weight:normal;font-style:normal;}" & vbLf & "            </style>" & vbLf & "      </head>" & vbLf & "      <body>" & vbLf & "            <ul style="margin-top:0;margin-bottom:0;">" & vbLf & "                  <li class="cs37063928"><span class="csE8AC24F0">Understand the process of career preparation. </span></li><li class="cs37063928"><span class="csE8AC24F0">Understand the differences between career development, career planning and management. Identify accomplishments, strengths, and limitation. </span></li><li class="cs37063928"><span class="csE8AC24F0">Identify key and support players to build a viable network. </span></li><li class="cs37063928"><span class="csE8AC24F0">Recognize/accept responsibility for self-awareness. </span></li><li class="cs37063928"><span class="csE8AC24F0">Construct a career development roadmap. 
</span></li><li class="cs37063928"><span class="csE8AC24F0">Become familiar with Career Development Planning and Management Tools.</span></li></ul>" & vbLf & "            <p class="cs2654AE3A"><span class="cs63EB74B2">&nbsp;</span></p></body>" & vbLf & "</html>" & vbLf & ""';

            $('#BulletPoints').html(test);

            //$('#BulletPoints').html(myResults[0]);

            $("#BulletPoints").fadeIn(800);
0
 
LVL 43

Expert Comment

by:Rob
ID: 39650476
it's easy enough for the javascript to remove all the vbLf using the replace / regex function.  I would then parse it as html and pull out the detail you need, eg just the html within the body.

test = test.replace(/&[ ]+vbLf[ ]+&/g,"");
test = test.replace(/\"/g,"");
0
 

Author Comment

by:Ray Turner
ID: 39650950
Thanks tagit,

I need to do that on the server, then send the string back to the client.  Do you have a Visual Basic version of this?

By the way, I'm using the new Visual Studio 2013 that was just released earlier this week.  This may be a bug :)
0
 

Accepted Solution

by:
Ray Turner earned 0 total points
ID: 39654074
Thanks.  I wrote the following code to resolve the issue.

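   ' Strips the DOCTYPE preamble and the closing wrapper tags so that the
   ' remaining fragment can be assigned to innerHTML on the client.
   Shared Function RemoveDOCTYPE(inString As String) As String
      Dim ret As String = inString

      If inString.Contains("<!DOCTYPE") Then
         Dim pos1 As Integer = ret.IndexOf("<!DOCTYPE html")
         ' Guard: IndexOf(value, -1) throws when "<!DOCTYPE html" is absent.
         If pos1 < 0 Then Return ret

         ' First "/>" after the DOCTYPE (the end of the <meta ... /> tag).
         Dim pos2 As Integer = ret.IndexOf("/>", pos1)
         ' Guard: without a "/>" there is no cut point; leave the input as is.
         If pos2 < 0 Then Return ret

         ' Drop everything up to and including that "/>".
         ret = ret.Substring(pos2 + 2)
         ret = ret.Replace("<title>", "")
         ret = ret.Replace("</title>", "")
         ret = ret.Replace("</head>", "")
         ret = ret.Replace("<body>", "")
         ret = ret.Replace("</body>", "")
         ret = ret.Replace("</html>", "")
      End If

      Return ret
   End Function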
0
 
LVL 43

Assisted Solution

by:Rob
Rob earned 2000 total points
ID: 39654101
Good job, beat me to it ;)  Just be aware that <head> and <body> tags will still be present in the xml you're sending so it could still have unexpected results.
0
 

Author Closing Comment

by:Ray Turner
ID: 39668426
This appears to be the best solution.
0
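
An added example, not code from any poster in this thread: a client-side way to prepare the returned Description value before it is assigned to innerHTML, either keeping only the body content of a stored full HTML document or encoding the value so it is shown as text. The function names and the sample document are constructed for illustration.

```javascript
// Constructed sample mirroring the shape of the Description value in the thread.
const SAMPLE = [
  '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" ' +
    '"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">',
  '<html xmlns="http://www.w3.org/1999/xhtml">',
  '  <head><title></title><style type="text/css">.cs1{color:#000}</style></head>',
  '  <body><ul><li class="cs1">Construct a roadmap.</li></ul></body>',
  '</html>'
].join('\n');

// Return only what sits between <body ...> and </body>, which drops the
// DOCTYPE, <html>, <head>, <title> and <style> in one step. A string with no
// <body> element is returned unchanged apart from a leading DOCTYPE.
function bodyFragment(html) {
  const m = /<body\b[^>]*>([\s\S]*?)<\/body\s*>/i.exec(html);
  if (m) return m[1].trim();
  return html.replace(/^\s*<!DOCTYPE[^>]*>/i, '').trim();
}

// Encode the five characters that are significant to an HTML parser, so the
// value is displayed as text instead of being interpreted as markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical helper: pick the treatment by whether the field is meant to
// carry markup. The markup branch passes the stored HTML through as-is, so it
// is only appropriate for content whose authors are trusted.
function toInnerHtml(value, isMarkupField) {
  return isMarkupField ? bodyFragment(value) : escapeHtml(value);
}
```

In a browser, `new DOMParser().parseFromString(value, 'text/html').body.innerHTML` performs the same body extraction with the browser's own HTML parser, and assigning to `textContent` replaces the escaping step.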
