Ruby Forum Ruby-core > Documentation Patch: Preventing XPath Injection attacks

Posted by Ken Bloom (Guest)
on 01.05.2008 19:08
(Received via mailing list)
Here's a patch to rexml/xpath.rb which documents the variables parameter
in REXML::XPath.


--- xpath.rb.old  2008-04-24 17:31:51.000000000 -0500
+++ xpath.rb  2008-04-24 17:37:38.000000000 -0500
@@ -15,10 +15,15 @@
     #   node matching '*'.
     # namespaces::
     #   If supplied, a Hash which defines a namespace mapping.
+    # variables::
+    #       If supplied, a Hash which maps $variables in the query
+    #       to values. This can be used to avoid XPath injection 
attacks
+    #       or to automatically handle escaping string values.
     #
     #  XPath.first( node )
     #  XPath.first( doc, "//b"} )
     #  XPath.first( node, "a/x:b", { "x"=>"http://doofus" } )
+    #  XPath.first( node, '/book/publisher/text()=$publisher', {}, 
{"publisher"=>"O'Reilly"})
     def XPath::first element, path=nil, namespaces=nil, variables={}
       raise "The namespaces argument, if supplied, must be a hash 
object." unless namespaces.nil? or namespaces.kind_of?(Hash)
       raise "The variables argument, if supplied, must be a hash 
object." unless variables.kind_of?(Hash)
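Review bot: the added usage example `XPath.first( node, '/book/publisher/text()=$publisher', {}, {"publisher"=>"O'Reilly"})` is a comparison expression rather than a location path, so it does not show a variable selecting a node; a predicate form such as `'/book[publisher/text()=$publisher]'` would demonstrate the injection-safe binding more clearly. The new `variables::` description is also indented seven spaces while the neighbouring `namespaces::` text uses three, and the pre-existing example `XPath.first( doc, "//b"} )` just above it carries a stray `}` that could be fixed in the same patch.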
@@ -38,10 +43,16 @@
     #   The xpath to search for.  If not supplied or nil, defaults to 
'*'
     # namespaces::
     #   If supplied, a Hash which defines a namespace mapping
+    # variables::
+    #       If supplied, a Hash which maps $variables in the query
+    #       to values. This can be used to avoid XPath injection 
attacks
+    #       or to automatically handle escaping string values.
     #
     #  XPath.each( node ) { |el| ... }
     #  XPath.each( node, '/*[@attr='v']' ) { |el| ... }
     #  XPath.each( node, 'ancestor::x' ) { |el| ... }
+    #  XPath.each( node, '/book/publisher/text()=$publisher', {}, 
{"publisher"=>"O'Reilly"}) \
+    #    {|el| ... }
     def XPath::each element, path=nil, namespaces=nil, variables={}, 
&block
       raise "The namespaces argument, if supplied, must be a hash 
object." unless namespaces.nil? or namespaces.kind_of?(Hash)
       raise "The variables argument, if supplied, must be a hash 
object." unless variables.kind_of?(Hash)
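Review bot: the trailing `\` on the added `XPath.each( node, '/book/publisher/text()=$publisher', {}, {"publisher"=>"O'Reilly"}) \` line sits inside a `#` comment, where it has no line-continuation meaning and reads as part of the call; either put the `{|el| ... }` block on the same line or drop the backslash. As in the first hunk, `'/book/publisher/text()=$publisher'` evaluates to a boolean rather than selecting elements, so the block would never receive a node; a predicate such as `'/book[publisher/text()=$publisher]'` fits `each` better. The description text is a verbatim copy of the first hunk's, so keep the two in sync if the wording changes, and the seven-space indent again differs from the three-space indent used for `namespaces::`.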