Comments (14)
I thought about this and I still think escaping shouldn't be handled by AEXML.
Reason: if you get XML data which is already escaped (which it should be in order to be valid XML)
then you would only make it worse by escaping it again (ex. &
would become &
).
My opinion is that you should only get valid XML (or make it valid if it's not) before parsing it with AEXML,
and if you're creating XML data with AEXML you should escape it while doing that.
Eventually, there could be some helper method on AEXMLElement
that would escape it's value
property (or maybe even more generic that would take any string and return it escaped), which should be called manually when needed, but not automatically because of the previous example.
I would like to here more opinions on this matter, so I'll leave this open for now.
from aexml.
I feel just the opposite: a library should be escape-agnostic. You input valid (escaped) XML and get out valid JSON (not escaped), an object or whatever. Likewise you pass an object to the library or use data to create an AEXML object and xmlString should output valid XML (escaped). It would be very odd when creating XML to get an object from a database, then encode it first before passing the data on to library and then convert it to XML.
from aexml.
Also what came to mind today: Imagine you want to enable rendering the AEXML tree to different formats like JSON or a serialzed PHP object (i.e. by extending AEXML). Escaping values before adding them to the tree would break this functionality.
from aexml.
@ghowen - did you solved this escape characters like "greater than", "less than" issue ? I face same problem now a days.
from aexml.
Yes, I patched it and posted a pull request with the patch here. @tadija currently sees things a bit different from me so this thread would be the right place to voice your opinion to integrate the pull request if you feel this is the best solution for the problem.
from aexml.
I would appreciate if anyone could post some simple example (or even project) describing this issue in the real world.
The main thing I did not understand and for which I did not get answer, is how to prevent double escaping if you just enable escaping by default in AEXML, and it happens that you parse valid (already escaped) XML?
from aexml.
@tadija What do you mean with "enable escaping by default"?
The use case I frequently run into is this:
AEXMLElement.addChild("password", value: "verySecretWithSpecialChars&&<<>>!!!")
When I then look at the return value of AEXMLDocument.xmlString, I get invalid XML.
You propose to use AEXML like this:
AEXMLElement.addChild("password", value: "verySecretWithSpecialChars&&<<>>!!!")
which IMHO is not very intuitive when the password is supplied by some user input.
from aexml.
@ghowen Ok, now I see where is the problem, we had a missunderstanding apparently.
For the whole time, I was looking at this from the other side which is parsing some XML from the external source instead of generating XML 'internally' via AEXML.
If you look from my perspective, after merging your pull request, we would have situation when parsing XML from external source which is 'double escaping' if that XML was already escaped (which it should be in order to be valid XML).
That's why at first I suggested that this escaping should be something 'optional' to use when you need it (helper method), so we wouldn't broke existing parsing functionality.
There can of course be some better way too, I'll think about solution for this hopefully soon.
from aexml.
@tadija Very good that we are clearer now.
What I still do not understand is how my patch should interfere with the parsing of XML from an external source. If you get valid XML from an external source, it will be escaped and the parser from iOS will convert it back to the special character value. So when you then access the xmlString property, it will then again correctly escape the special characters to valid XML.
from aexml.
@ghowen Have you tested that? If you did, maybe you could post some Xcode playground on this subject or something similar that proves the point, if not, I'll do it when I have a little time for that.
from aexml.
@tadija I did not test it with your code specifically but this is the way all XML parsers worked that I have used so far. Also I do not see your parser code using the xmlString property which could cause a double encoding.
I am also very busy at the moment so a playground would have to wait a bit.
from aexml.
@tadija, thanks for your great work on AEXML. I agree with @ghowen. An XML library should handle the escaping transparently, that means it should automatically escape all special characters when creating an XML document and of course do the opposite when parsing the document.
from aexml.
I finally had some time to test this in playgrounds, and I'm glad to announce that in latest AEXML version (2.0.0) escaping is included. Thanks for the feedback!
from aexml.
Special character "&" (ampersand) is not Parsing in your AEXML . . .I was used in my Project.
When i am trying to Parse Special Character "&" (ampersand) than error is occurrence. . . .
can any one help me ? What is the Solution of this Special Character ?
----------------------------------------------*
at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeString()
at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeInternal(Int32 depth)
at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeDictionary(Int32 depth)
at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeInternal(Int32 depth)
at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeList(Int32 depth)
at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeInternal(Int32 depth)
at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeDictionary(Int32 depth)
at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeInternal(Int32 depth)
at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeList(Int32 depth)
at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeInternal(Int32 depth)
at System.Web.Script.Serialization.JavaScriptObjectDeserializer.BasicDeserialize(String input, Int32 depthLimit, JavaScriptSerializer serializer)
from aexml.
Related Issues (20)
- module compiled with Swift 5.0 cannot be imported by the Swift 5.1 compiler. HOT 3
- could not find module 'AEXML' for target 'arm64-apple-ios'; found: x86_64 HOT 1
- AEXMLDocument Retain Cycle
- XML incomplete parsing
- module compiled with Swift 5.1 cannot be imported by the Swift 5.1.2 compiler HOT 6
- module compiled with Swift 5.1 cannot be imported by the Swift 5.1.2 compiler HOT 4
- Add child with end tag HOT 1
- Support for DTDs? HOT 4
- Parser doesn't handle "0" or "1" for Booleans HOT 1
- Sorted attributes
- Build Target out of date HOT 3
- AEXML.modulemap not found on iOS 14 HOT 4
- Xcode 12 build warning - 'IPHONEOS_DEPLOYMENT_TARGET' is set to 8.0 HOT 1
- Question
- Ability to exclude standalone attribute from document header HOT 3
- When <ruby> elements are used in html, other texts are vanished. HOT 1
- Error while parsing large files on linux
- Apple Silicon support HOT 4
- Privacy Manifest HOT 1
- Could not find module 'AEXML' for target 'x86_64-apple-ios-simulator'
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aexml.