处理“<![CDATA [””的首选方式是什么?在<![CDATA [块中? [英] What is the prefered way handle "<![CDATA[" in a <![CDATA[ block?
问题描述
<![CDATA [和]]> 不允许在
现在,我必须在<![CDATA […]]> 块。恶意用户可能会输入<![CDATA [或]]> 或两者。
Now, I have to transmit user entered data inside a <![CDATA[ … ]]> block. And a malicious user might enter either <![CDATA[ or ]]> or both.
问题是:处理这种情况的首选方式是什么?
The question is: what is the preferred way to handle this situation?
- Strip
<![CDATA [和]]>? - 替换它
- 向用户发送错误消息?
- 或者是否存在正式的传输方式?
- Strip
<![CDATA[and]]>? - Replace it with spaces?
- Smack the user with an error message?
- Or is there an official way of actually transmitting them?
推荐答案
我认为您在以错误的方式考虑CDATA部分-CDATA代表字符数据和CDATA语法只是用于不应该解释为标记的数据块的语法。 CDATA部分对于将xml文档嵌入另一个xml文档中很有用,但是当在文档中包含字符数据(即文本)时,如果将其包含在CDATA部分中而不是简单地编码为文本数据,则不应更改数据的含义。 (可能逃脱了某些字符)。
I think you are thinking about CDATA sections in the wrong way - CDATA stands for "Character data" and the CDATA syntax is simply syntax for a block of data that shouldn't be interpreted as markup. CDATA sections are useful for embedding xml documents inside another xml document, however when including character data (i.e. text) in a document it shouldn't change the meaning of the data if it is enclosed in a CDATA section over simply being encoded as text data (possibly with certain characters escaped).
其简短版本是您的应用程序不必关心数据是否编码为CDATA 。如果您要编码的文本不是使用类似xml的语法过分沉重,则最好转义& 和< 字符-XML API可能会为您做些事情。例如,XmlNode的 InnerText 属性将转义
The short version of this is that your application shouldn't care whether the data is encoded as CDATA or not. If the text you are encoding isn't overly heavy with xml-like syntax then you may be better off simply escaping & and < characters - something that your XML API will probably do for you anyway. For example the InnerText property of XmlNode will escape characters as required.
如果您仍想使用CDATA标记(转义大的xml片段可能会过度夸大结果文档的大小),则只需要转义代码CDATA语法断裂(]]> ]]> 与]]]]]] >><![CDATA [> 。
If you still want to use CDATA tags (escaping a large xml fragment may overly inflate the size of the resulting document) then you only need to escape the code CDATA syntax fragement (]]>), for example this can be done by simply replacing ]]> with ]]]]><