You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by Robin Green <gr...@hotmail.com> on 2000/11/16 22:13:48 UTC
Re: XSP: HOW TO parse xml markup contained in a request parameter?
Herbert Hotz <he...@symmetrix.ch> wrote:
----------------------
BUT, this copies the markup to the OUTPUT stream and what I want is,
to process it in the xsp page to fetch data from a database (via the
ESQL logicsheet).
Simply do not know, how to do that.
----------------------
Could you give me an idea of what is in the markup being fetched? Warning:
if you are letting users POST anything, including xsp:logic, that would be a
big potential security risk and that's exactly why ProducerFromRequest was
removed.
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
Re: XSP: HOW TO parse xml markup contained in a request parameter?
Posted by Herbert Hotz <he...@symmetrix.ch>.
Robin Green wrote:
> Herbert Hotz <he...@symmetrix.ch> wrote:
>
> ----------------------
> BUT, this copies the markup to the OUTPUT stream and what I want is,
> to process it in the xsp page to fetch data from a database (via the
> ESQL logicsheet).
>
> Simply do not know, how to do that.
>
> ----------------------
>
> Could you give me an idea of what is in the markup being fetched? Warning:
> if you are letting users POST anything, including xsp:logic, that would be a
> big potential security risk and that's exactly why ProducerFromRequest was
> removed.
>
>
>
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
> Share information about yourself, create your own public profile at
> http://profiles.msn.com.
>
> ----------------------------------------------------------------------------------------------------------------------
>
> Subject: XSP: HOW TO parse xml markup contained in a request parameter?
> Date: Thu, 16 Nov 2000 20:31:03 +0100
> From: Herbert Hotz <he...@symmetrix.ch>
> Reply-To: cocoon-users@xml.apache.org
> Organization: Symmetrix AG, Switzerland
> To: "cocoon-users@xml.apache.org" <co...@xml.apache.org>
>
> Hi all,
>
> I have to parse XML markup contained in a parameter from a HTTP
> request.
>
> I managed to get this into a java variable with the following,
> using a java class to handle multipart requests:
>
> <logic>
> Hashtable args = MultipartUtil.getFormParams(request);
> String xml = (String)MultipartUtil.getValue(args, "XML");
> </logic>
>
> Now the variable xml holds a complete DOM like
>
> <?xml version="1.0"?>
> <!DOCTYPE xyz:test SYSTEM "http://www.domain.com/test.dtd">
> <xyz:test x="value of x" xmlns:xy="http://www.domain.com">
> <xyz:foo a="123" b="456"/>
> <xyz:bar i="123" j="456"/>
> </xyz:test>
>
> I can parse and validate it with following xsp code:
>
> <!-- parse and validate XML markup contained in java variable xml -->
> <client-request>
> <util:include-expr>
> <util:expr>xml</util:expr>
> </util:include-expr>
> </client-request>
>
> BUT, this copies the markup to the OUTPUT stream and what I want is,
> to process it in the xsp page to fetch data from a database (via the
> ESQL logicsheet).
>
> Simply do not know, how to do that.
>
> Thanks for any pointers!
> Herbert
> --
> +----------------------+-------------------------------------------+
> | Herbert Hotz | Voice: +41 1 381 8880 |
> | Symmetrix AG | Fax: +41 1 381 2127 |
> | Muehle Tiefenbrunnen | GSM-SMS: +41 79 402 5704 |
> | Seefeldstrasse 231 | URL: http://www.symmetrix.ch/ |
> | CH-8008 Zurich | E-Mail: mailto:herbert.hotz@symmetrix.ch |
> +----------------------+-------------------------------------------+
> --------------------------------------------------------------------- To unsubscribe, e-mail:
> cocoon-users-unsubscribe@xml.apache.org For additional commands, e-mail: cocoon-users-help@xml.apache.org
>
> ----------------------------------------------------------------------------------------------------------------------
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
> For additional commands, e-mail: cocoon-users-help@xml.apache.org
>
Hi Robin,
Thanks for responding!
To let you imagine the contents of what markup is in the request
parameters, think of it as you would include it with xinclude does.
I don't see security problems with that.
BTW, I dont't know, if xinclude pipes the markup into xsp's input
stream. Perhaps you shade same light on it.
Xinclude needs an URL, but I dont't have one. The main reason why
do like my approach is, that I do not have to write my own java class
just to parse regular XML. I always thought cocoon is made for that
kind of task. ;-)
But to answer your questions, the requests contain id's (keys) to
access database records, as pointed out already in my former posting.
I MUST get the keys out of it, otherwise I wouldn't know, what records
to request form the database. For that I want to use ESQL.
Thanks,
Herbert
--
+----------------------+-------------------------------------------+
| Herbert Hotz | Voice: +41 1 381 8880 |
| Symmetrix AG | Fax: +41 1 381 2127 |
| Muehle Tiefenbrunnen | GSM-SMS: +41 79 402 5704 |
| Seefeldstrasse 231 | URL: http://www.symmetrix.ch/ |
| CH-8008 Zurich | E-Mail: mailto:herbert.hotz@symmetrix.ch |
+----------------------+-------------------------------------------+