Escaping special characters about aexml HOT 14 CLOSED

I thought about this and I still think escaping shouldn't be handled by AEXML.

Reason: if you get XML data which is already escaped (which it should be in order to be valid XML)
then you would only make it worse by escaping it again (ex. & would become &).

My opinion is that you should only get valid XML (or make it valid if it's not) before parsing it with AEXML,
and if you're creating XML data with AEXML you should escape it while doing that.

Eventually, there could be some helper method on AEXMLElement that would escape it's value property (or maybe even more generic that would take any string and return it escaped), which should be called manually when needed, but not automatically because of the previous example.

I would like to here more opinions on this matter, so I'll leave this open for now.

from aexml.

I feel just the opposite: a library should be escape-agnostic. You input valid (escaped) XML and get out valid JSON (not escaped), an object or whatever. Likewise you pass an object to the library or use data to create an AEXML object and xmlString should output valid XML (escaped). It would be very odd when creating XML to get an object from a database, then encode it first before passing the data on to library and then convert it to XML.

from aexml.

Also what came to mind today: Imagine you want to enable rendering the AEXML tree to different formats like JSON or a serialzed PHP object (i.e. by extending AEXML). Escaping values before adding them to the tree would break this functionality.

from aexml.

@ghowen - did you solved this escape characters like "greater than", "less than" issue ? I face same problem now a days.

from aexml.

Yes, I patched it and posted a pull request with the patch here. @tadija currently sees things a bit different from me so this thread would be the right place to voice your opinion to integrate the pull request if you feel this is the best solution for the problem.

from aexml.

I would appreciate if anyone could post some simple example (or even project) describing this issue in the real world.

The main thing I did not understand and for which I did not get answer, is how to prevent double escaping if you just enable escaping by default in AEXML, and it happens that you parse valid (already escaped) XML?

from aexml.

@tadija What do you mean with "enable escaping by default"?

The use case I frequently run into is this:

AEXMLElement.addChild("password", value: "verySecretWithSpecialChars&&<<>>!!!")

When I then look at the return value of AEXMLDocument.xmlString, I get invalid XML.

You propose to use AEXML like this:

AEXMLElement.addChild("password", value: "verySecretWithSpecialChars&&<<>>!!!") 

which IMHO is not very intuitive when the password is supplied by some user input.

from aexml.

@ghowen Ok, now I see where is the problem, we had a missunderstanding apparently.

For the whole time, I was looking at this from the other side which is parsing some XML from the external source instead of generating XML 'internally' via AEXML.

If you look from my perspective, after merging your pull request, we would have situation when parsing XML from external source which is 'double escaping' if that XML was already escaped (which it should be in order to be valid XML).

That's why at first I suggested that this escaping should be something 'optional' to use when you need it (helper method), so we wouldn't broke existing parsing functionality.

There can of course be some better way too, I'll think about solution for this hopefully soon.

from aexml.

@tadija Very good that we are clearer now.

What I still do not understand is how my patch should interfere with the parsing of XML from an external source. If you get valid XML from an external source, it will be escaped and the parser from iOS will convert it back to the special character value. So when you then access the xmlString property, it will then again correctly escape the special characters to valid XML.

from aexml.

@ghowen Have you tested that? If you did, maybe you could post some Xcode playground on this subject or something similar that proves the point, if not, I'll do it when I have a little time for that.

from aexml.

@tadija I did not test it with your code specifically but this is the way all XML parsers worked that I have used so far. Also I do not see your parser code using the xmlString property which could cause a double encoding.

I am also very busy at the moment so a playground would have to wait a bit.

from aexml.

@tadija, thanks for your great work on AEXML. I agree with @ghowen. An XML library should handle the escaping transparently, that means it should automatically escape all special characters when creating an XML document and of course do the opposite when parsing the document.

from aexml.

I finally had some time to test this in playgrounds, and I'm glad to announce that in latest AEXML version (2.0.0) escaping is included. Thanks for the feedback!

from aexml.

Special character "&" (ampersand) is not Parsing in your AEXML . . .I was used in my Project.

When i am trying to Parse Special Character "&" (ampersand) than error is occurrence. . . .

can any one help me ? What is the Solution of this Special Character ?

----------------------------------------------*
at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeString()

at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeInternal(Int32 depth)

at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeDictionary(Int32 depth)

at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeInternal(Int32 depth)

at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeList(Int32 depth)

at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeInternal(Int32 depth)

at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeDictionary(Int32 depth)

at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeInternal(Int32 depth)

at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeList(Int32 depth)

at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeInternal(Int32 depth)

at System.Web.Script.Serialization.JavaScriptObjectDeserializer.BasicDeserialize(String input, Int32 depthLimit, JavaScriptSerializer serializer)

from aexml.