Forum Moderators: open
Basically, my site is set up like this:
A standard xml file with a server-side include to include a another xml file. The included xml file is a testimonials file, and it is only for convenience sake.
Each xml file links to a php page being served as xsl. It passes 1 thing, a name to identify which page was served to it. That page then includes some generic header and navigation xsl files, and then includes one xsl based on what content was sent. So far, everything has been working good.
The only concern I have is eventually the client will want a hyperlink embedded in the content... How am I to do this? I mean, if it just needs a link that kind of stands by itself, it isn't that hard to do. I'm already doing it. How would you make a link out of something inside of a bunch of text?
[edited by: jatar_k at 5:34 pm (utc) on April 10, 2008]
[edit reason] no urls thanks [/edit]
I'm not exactly sure what the issue is. It is very easy to make anchor elements (<a> elements) in XSLT.
By the way, we are not allowed to post links, so someone will probably remove the link to your site.
Anyways, I think I figured out my problem. If not I'll post here again.
Let's say I have HTML tags inside of an XML tag. The XSL attribute disable-output-escaping="yes" fails in Mozilla browsers. So what are my options for displaying HTML tags in a browser?
However, HTML is, for all intents and purposes, XML (if you use XHTML-compliant HTML, as I do). I don't see why it can't be a regular part of the XML.
My personal HTML is XHTML compliant, it is theirs I am worried about...
Will creating an xml template for every basic HTML tag and then applying the templates work? In my head it will, at least...
Will creating an xml template for every basic HTML tag and then applying the templates work?
Yes. In fact, I recommend it. It will be better security, and you can restrict functionality (reduce the number and scope of attributes, etc.).
To clarify the "no links" policy, the intent is primarily to discourage people who post self-promotional links. Thus we encourage members to discuss topics using descriptions and short code samples, not with links to examples. Also, these links ("see my work in progress here") tend to disappear quickly or change, thus do not have lasting value to others who may find this thread in a search some year in the future.
However. Links to authority sources are almost always allowed (MSDN, Mozilla, PHP.net, W3C, places like that), as are links to quoted sources or specific "permalinked" content, like news stories or blogs. It's ultimately up to the discretion of the forum moderators, who (at worst) will remove the link and send you a friendly note explaining why.
Back on topic... I feel your concern. Give a client the ability to edit XML content, and it's just a matter of time before you get a panicky call asking why everything broke (like, they put in an unclosed "<BR>" tag). You do want them to be able to add a <table> or a <a> to their content, but you know that it's a double-edged sword. When you're merely rendering the content on page, they might bugger up the layout with an extra </div>, but when you're using XSLT they can fubar the entire site.
Other sites allowing user-generated content (UGC) often employ non-HTML markup, like BBcode or Wikistyle. There is a good reason for this. No one would have gone to the effort of creating alternative markup language if it wasn't tragically necessary.
Another approach is to pasteurize all the UGC with a function like htmlentities(), killing all HTML and turning it into "<safe>" markup. Then you can selectively find and replace "allowed" tags using regular expressions that turn "<b>this</b>" back into "<b>this</b>".
