You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cocoon.apache.org by Robin Green <gr...@hotmail.com> on 2000/11/16 22:13:48 UTC

Re: XSP: HOW TO parse xml markup contained in a request parameter?

Herbert Hotz <he...@symmetrix.ch> wrote:

----------------------
BUT, this copies the markup to the OUTPUT stream and what I want is,
  to process it in the xsp page to fetch data from a database (via the
  ESQL logicsheet).

  Simply do not know, how to do that.

----------------------

Could you give me an idea of what is in the markup being fetched? Warning: 
if you are letting users POST anything, including xsp:logic, that would be a 
big potential security risk and that's exactly why ProducerFromRequest was 
removed.



_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at 
http://profiles.msn.com.

Re: XSP: HOW TO parse xml markup contained in a request parameter?

Posted by Herbert Hotz <he...@symmetrix.ch>.

Robin Green wrote:

> Herbert Hotz <he...@symmetrix.ch> wrote:
>
> ----------------------
> BUT, this copies the markup to the OUTPUT stream and what I want is,
>   to process it in the xsp page to fetch data from a database (via the
>   ESQL logicsheet).
>
>   Simply do not know, how to do that.
>
> ----------------------
>
> Could you give me an idea of what is in the markup being fetched? Warning:
> if you are letting users POST anything, including xsp:logic, that would be a
> big potential security risk and that's exactly why ProducerFromRequest was
> removed.
>
>
>
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
> Share information about yourself, create your own public profile at
> http://profiles.msn.com.
>
>       ----------------------------------------------------------------------------------------------------------------------
>
> Subject: XSP: HOW TO parse xml markup contained in a request parameter?
> Date: Thu, 16 Nov 2000 20:31:03 +0100
> From: Herbert Hotz <he...@symmetrix.ch>
> Reply-To: cocoon-users@xml.apache.org
> Organization: Symmetrix AG, Switzerland
> To: "cocoon-users@xml.apache.org" <co...@xml.apache.org>
>
> Hi all,
>
> I have to parse XML markup contained in a parameter from a HTTP
> request.
>
> I managed to get this into a java variable with the following,
> using a java class to handle multipart requests:
>
> <logic>
>  Hashtable args = MultipartUtil.getFormParams(request);
>  String xml = (String)MultipartUtil.getValue(args, "XML");
> </logic>
>
> Now the variable xml holds a complete DOM like
>
> <?xml version="1.0"?>
> <!DOCTYPE xyz:test SYSTEM "http://www.domain.com/test.dtd">
> <xyz:test x="value of x" xmlns:xy="http://www.domain.com">
>  <xyz:foo a="123" b="456"/>
>  <xyz:bar i="123" j="456"/>
> </xyz:test>
>
> I can parse and validate it with following xsp code:
>
> <!-- parse and validate XML markup contained in java variable xml -->
> <client-request>
>  <util:include-expr>
>   <util:expr>xml</util:expr>
>  </util:include-expr>
> </client-request>
>
> BUT, this copies the markup to the OUTPUT stream and what I want is,
> to process it in the xsp page to fetch data from a database (via the
> ESQL logicsheet).
>
> Simply do not know, how to do that.
>
> Thanks for any pointers!
> Herbert
> --
> +----------------------+-------------------------------------------+
> | Herbert Hotz         | Voice:   +41 1 381 8880                   |
> | Symmetrix AG         | Fax:     +41 1 381 2127                   |
> | Muehle Tiefenbrunnen | GSM-SMS: +41 79 402 5704                  |
> | Seefeldstrasse 231   | URL:    http://www.symmetrix.ch/         |
> | CH-8008 Zurich       | E-Mail: mailto:herbert.hotz@symmetrix.ch |
> +----------------------+-------------------------------------------+
>   --------------------------------------------------------------------- To unsubscribe, e-mail:
> cocoon-users-unsubscribe@xml.apache.org For additional commands, e-mail: cocoon-users-help@xml.apache.org
>
>       ----------------------------------------------------------------------------------------------------------------------
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
> For additional commands, e-mail: cocoon-users-help@xml.apache.org
>

Hi Robin,

Thanks for responding!

To let you imagine the contents of what markup is in the request
parameters, think of it as you would include it with xinclude does.
I don't see security problems with that.

BTW, I dont't know, if xinclude pipes the markup into xsp's input
stream. Perhaps you shade same light on it.

Xinclude needs an URL, but I dont't have one. The main reason why
do like my approach is, that I do not have to write my own java class
just to parse regular XML. I always thought cocoon is made for that
kind of task. ;-)

But to answer your questions, the requests contain id's (keys) to
access database records, as pointed out already in my former posting.

I MUST get the keys out of it, otherwise I wouldn't know, what records
to request form the database. For that I want to use ESQL.

Thanks,
Herbert
--
+----------------------+-------------------------------------------+
| Herbert Hotz         | Voice:   +41 1 381 8880                   |
| Symmetrix AG         | Fax:     +41 1 381 2127                   |
| Muehle Tiefenbrunnen | GSM-SMS: +41 79 402 5704                  |
| Seefeldstrasse 231   | URL:     http://www.symmetrix.ch/         |
| CH-8008 Zurich       | E-Mail:  mailto:herbert.hotz@symmetrix.ch |
+----------------------+-------------------------------------------+