Forum: Ruby on Rails Problems passing un-sanitized XML to client

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Derek Gulbranson (Guest)
on 2006-01-06 02:28
(Received via mailing list)
I'm trying to store an xsl stylesheet in the database and return it
to the client, but at some point in the process all the angle
brackets, etc are parsed out of the xml, so I get <defaults>
instead of <defaults>. Anyone have any pointers how I would go about
turning off that behavior?

-Derek
Alex Y. (Guest)
on 2006-01-06 10:52
(Received via mailing list)
Derek Gulbranson wrote:
> I'm trying to store an xsl stylesheet in the database and return it  to
> the client, but at some point in the process all the angle  brackets,
> etc are parsed out of the xml, so I get &lt;defaults&gt;  instead of
> <defaults>. Anyone have any pointers how I would go about  turning off
> that behavior?
>
Assuming it's just being piped down to the browser, check you've not got
anything like:

<%=h @xsl %>

in your views.  The 'h' is short for 'html_escape'.

Other than that, we'll need to know more about the path the xsl takes
between the database and the client.
Derek Gulbranson (Guest)
on 2006-01-07 21:15
(Received via mailing list)
So I installed the Arachno Ruby IDE and was able to track down a bit
of what's happening. The string seems to get encoded somewhere in the
ActionWebServices::Protocol::Soap::SOAPMarshaler process, although
the Arachno Ruby IDE interface doesn't allow me to inspect the full
value of variables, only the first little bit that shows up in the
side panel, so I inspect the full string and to see exactly where
it's happening. Definitely happening somewhere within the soap
libraries. I guess since it gets a string, it sanitizes it.

I tried passing a REXML object instead of a string but same result.
Maybe I should create some sort of SOAP object out of the string? But
what kind? I have only a basic concept of what SOAP is and the SOAP
libraries are fairly over my head, so any suggestions would be
appreciated.

But basically I believe that the :string type will not work for
passing XML or HTML via the SOAP protocol with ActionWebServices, as
strings always get sanitized by the SOAP libraries.

-Derek
This topic is locked and can not be replied to.