public inbox for kawa@sourceware.org
From: Per Bothner <per@bothner.com>
To: Damien MATTEI <Damien.Mattei@unice.fr>
Cc: kawa@sourceware.org
Subject: Re: functional programming and web services
Date: Thu, 27 Oct 2016 06:18:00 -0000	[thread overview]
Message-ID: <7cf1c64b-8c49-a108-b0c3-baad299f684f@bothner.com> (raw)
In-Reply-To: <201610261423.51297.Damien.Mattei@unice.fr>
On 10/26/2016 05:23 AM, Damien MATTEI wrote:
>> * ResultatGeneralFKawa.scm builds HTML by concatenating strings.
>> That seems verbose - and dangerous (consider injection attacks).
> Gulp! This is my first database accessed over the web (!); I didn't know about that sort of attack.
> I searched the internet for SQL injection attacks, and yes, I made a test by "injecting" an OR-ed
> tautology at the right place via the form: the result was access to the whole list of star observations,
> which is so huge that the database is unavailable for many minutes before recovering.
> Well, that's not really a security issue, because accessing observation data is the goal of the web application;
> there are no passwords or secret things in the database. But I will fix that! Thanks!
>> Have you considered using XML literals?
> Yes, months ago; I read and tested your documentation
> https://www.gnu.org/software/kawa/XML-tools.html
> and I should have asked for help about it, because I know how to create HTML nodes in the Kawa interpreter like this: (html:p "Don't use the " (html:code "<blink>") " tag.")
> but I cannot figure out what the result type of the object is, or how to cast it to a string to return it to Java and Tomcat...
> It would be nice if you could give me an example.

The Scheme API for working with XML is rather incomplete.
Since Kawa includes XPath and XQuery, the functionality is
there - it's just not easy to access.  (It might be reasonable
as a minimum to define a function where people can use XPath
expressions.)

However, there is enough to conveniently construct nodes, and convert
them to strings:

(define name "Tom")
(define hello-span #<span>Hello &[name]!</>)   ; &[...] inserts the value of name as a text node
(define action "<login>")                      ; an ordinary string; nothing is escaped yet
(define div1 #<p>&[hello-span]<span> Please &[action]</span></p>)
(display div1) (newline)                       ; serializing div1 escapes the angle brackets from action

Note when div1 is printed, the angle-brackets from action are escaped.
The escaping does *not* happen when div1 is constructed - that just creates a
text node.  The escaping happens when the text node (child of div1)
is "serialized" to a string, by calling display.  You can also do:
   (div1:toString)
to directly yield an XML-formatted string.

Note the following are equivalent:

(html:span "Hello")
#<html:span>Hello</>

Leaving out the html: in the latter is almost the same,
but in the default empty namespace:

#<span>Hello</>

A browser should display #<html:span>Hello</> and
#<span>Hello</> the same.
-- 
	--Per Bothner
per@bothner.com   http://per.bothner.com/
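An added example (not code from this thread or from Kawa itself) that applies both points of the reply to the situation Damien describes: the query is bound as a JDBC PreparedStatement parameter instead of being concatenated from the form field, and the HTML is built as Kawa XML nodes (a literal plus `html:` constructors) and serialized once with `toString` so the string can be handed back to the servlet. The `conn` argument, the table `observations` and its columns `star_name` and `magnitude` are assumptions.

```scheme
;; Added example, not code from the thread.  Assumptions: an open JDBC
;; connection `conn` (how it is obtained is outside this example) and a
;; hypothetical table `observations` with columns star_name and magnitude.

(define (find-observations (conn :: java.sql.Connection) (star :: String))
  ;; The user-supplied name is bound as a parameter, never spliced into the
  ;; SQL text, so an OR-ed tautology typed into the form is matched as a
  ;; literal star name.  LIMIT bounds the result set so that no single
  ;; request can pull the whole observation list.
  (let ((stmt (conn:prepareStatement
               "SELECT star_name, magnitude FROM observations WHERE star_name = ? LIMIT 100")))
    (stmt:setString 1 star)
    (let ((rs (stmt:executeQuery)))
      (let loop ((rows '()))
        (if (rs:next)
            (loop (cons (list (rs:getString 1) (rs:getDouble 2)) rows))
            (begin (rs:close) (stmt:close) (reverse rows)))))))

;; Turn one (name magnitude) row into a <tr>.  The arguments become text
;; nodes; nothing is escaped at this point.
(define (row->tr row)
  (html:tr (html:td (car row)) (html:td (cadr row))))

;; Build the page as a node tree and serialize it once.  Any '<', '>' or '&'
;; in `star` or in the row data is escaped by toString, which is what makes
;; the returned String safe to hand to the servlet response.
(define (render-page (star :: String) rows) :: String
  (let ((page
         #<html:html>
           <html:body>
             <html:h1>Observations for &[star]</html:h1>
             &[(apply html:table (map row->tr rows))]
           </html:body>
         </html:html>))
    (page:toString)))

;; Glue for a servlet: query with the bound parameter, then render.
(define (observations-page (conn :: java.sql.Connection) (star :: String)) :: String
  (render-page star (find-observations conn star)))
```

The two halves are independent: parameter binding is what stops the tautology from changing the query, and building nodes instead of concatenating strings is what stops a star name containing markup from becoming HTML. Keeping the escaping in the final `toString` call, rather than escaping each string by hand, means there is exactly one place to get it right.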
