[racket] How to interpret the html code from an input field ?

From: YC (yinso.chen at gmail.com)
Date: Thu Oct 14 17:11:02 EDT 2010

On Thu, Oct 14, 2010 at 1:37 PM, scouic <scouic at gmail.com> wrote:

>
> "<p>My comment, visit <a href="www.example.com">foo</a>, this is good</p>"
> it creates a paragraph with a link.
> However, there is a big problem. I put this string into my sqlite database,
> and when I want to display it on the web page, it's via ,(post-display!
> a-blog a-post)
> In the database, < is a true <, but when it's written into the web page,
> < becomes &lt; and > becomes &gt; ... so I can't create links, put images ...
>
>
This is due to the file being stored as a string in the database and
retrieved back out as a string, and strings in xexprs are automatically
escaped for HTML markers.

To avoid this issue you need to first convert the string into xexpr.  You
can use the combo of xml and html package to do so (the html package will
allow you to handle html fragments that are not well-formed according to xml
rules), and then convert it to xexpr.  Something like below (sample only -
non-working code):

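;; only-in: html and xml export names that clash with each other
(require (only-in html read-html-as-xml)
         (only-in xml xml->xexpr))

;; read-html-as-xml returns a list of content, so convert each item and
;; splice the results in with ,@
`(your xexpr here ... ,@(map xml->xexpr (read-html-as-xml (open-input-string
<your_string_here>))) ...)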

My bzlib/xml planet package wraps up the above so you can call (read-xexpr
(open-input-string <your_string_here>)) if that's something you want to
explore.

Note - as you probably know, there are security issues with directly storing
html fragments and rendering them out unescaped, so you will want to account
for them eventually.

Cheers,
yc
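
An allowlist filter for the security point raised at the end of the message above, as an added example that is not part of the original post or of bzlib/xml: the stored string is parsed with the same read-html-as-xml and xml->xexpr calls, then only permitted tags and attributes are rebuilt. The allowlist contents, the http(s)-only link rule and the names allowed, sanitize and stored-html->xexprs are assumptions of this example.

```racket
#lang racket
(require (only-in html read-html-as-xml)
         (only-in xml xml->xexpr xexpr->string))

;; Assumed policy: permitted tags, each with the attributes it may keep.
(define allowed
  (hash 'p '() 'em '() 'strong '() 'ul '() 'li '() 'a '(href)))

;; Links must be absolute http(s); javascript: and data: URLs fail this.
(define (safe-href? v) (regexp-match? #rx"^(?i:https?)://" v))

(define (keep-attrs tag attrs)
  (for/list ([a (in-list attrs)]
             #:when (and (memq (car a) (hash-ref allowed tag))
                         (or (not (eq? (car a) 'href))
                             (safe-href? (cadr a)))))
    a))

(define (rebuild tag attrs kids)
  `(,tag ,(keep-attrs tag attrs) ,@(append-map sanitize kids)))

;; sanitize : xexpr -> (listof xexpr)
;; Text, entities and character references pass through (text is escaped
;; again on output). Allowed elements are rebuilt with filtered attributes.
;; Everything else is dropped with its children, including cdata, which
;; xexpr output writes without escaping.
(define (sanitize x)
  (match x
    [(or (? string?) (? symbol?) (? exact-nonnegative-integer?)) (list x)]
    [(list (? symbol? tag) (list (list (? symbol? ks) (? string? vs)) ...) kids ...)
     #:when (hash-has-key? allowed tag)
     (list (rebuild tag (map list ks vs) kids))]
    [(list (? symbol? tag) kids ...)
     #:when (hash-has-key? allowed tag)
     (list (rebuild tag '() kids))]
    [_ '()]))

;; stored-html->xexprs : string -> (listof xexpr), ready to splice with ,@
(define (stored-html->xexprs s)
  (append-map sanitize
              (map xml->xexpr (read-html-as-xml (open-input-string s)))))

;; Constructed sample input (not from the thread).
(define sample
  (string-append "<p onclick=\"x()\">Visit "
                 "<a href=\"http://www.example.com\">foo</a> "
                 "<a href=\"javascript:x()\">bar</a><script>x()</script></p>"))

(for ([x (stored-html->xexprs sample)])
  (displayln (xexpr->string x)))
```

Because the filter is an allowlist, any tag or attribute the parser produces in an unexpected form (different case, unknown name) is dropped rather than passed through.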

Posted on the users mailing list.