While checking validation of SVG file, it showing error: Attribute data-name not allowed on SVG element pattern at this point.
Not able to resolve this issue.
The data-* attributes were first officially defined in the HTML5 standard as an HTML feature. The SVG 1.1 standard predates that by around 10 years. Data attributes have now been added to the SVG2 specification, but that is not yet an official specification.
The W3C SVG validator has not yet been updated to support SVG 2 documents. When it does, I expect it will not flag data attributes as an error. Until then, you should either remove the attributes, or ignore the validator errors.
According to SVG validation markup guide
For SVG-in-HTML, use HTML-style data attributes; any attribute name that starts with data- is for custom data. Beware: the matching dataset DOM property on the element object is new in SVG 2, and won’t be supported everywhere. Use getAttribute()/setAttribute() for best support.
i.e. Now data-pattern is no more supported. I have checked SVG by removing data-name & it is working normally w/o any error.
For the get/set attributes you need javascript help which I dont know but if you tell us why you need this tag may be we try to find some alternative that coukld help you around.
You have one warning No Character encoding declared at document level , which can be fixed by adding below line at top of your svg file.
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
Hope it helped anyhow.
Related
I use XSLT 1.0 to transform source XML file to HTML document. In source file there are section elements.
<section name="Name of this section">
...
</section>
And it is transformed to HTML as following (h2 may change to h3, h4, etc. according to the level of nesting).
<h2 id="...">Name of this section</h2>
id attribute is used to reference this section from other HTML document.
Link to the section
Currently geterate-id function is used to generate the value of id attribute. But it may change when structure of source XML file is changed. And it results in breakage of link from other HTML document. So I would like to make value of id attribute constant even if structure of source file is changed.
At first I considered using the value of name attribute. But sometimes it includes characters that is improper as a part of URL (space, question mark, non-ASCII UTF-8 characters, etc.). So it can't be used.
Next I considered adding id attribute to section element of source XML file and using it as is in HTML file. It surely provide proper value but adding it to all section element in source file is bothersome. So I would like to think of it as last resort.
Then is there any way to generete the value of id attribute that is constant regardless of change of source file and also proper as a part of URL?
Maintainer of documents referencing mine told me encode-for-uri() of XSLT 2.0 and str:encode-uri() of EXSLT. I use xsltproc of libxslt as processor and it supports EXSLT. So I decided to use str:encode-uri(#name) as value of id attribute. There are two drawbacks about it. At first it doesn't guarantee uniqueness. If there are multiple section elements with the same name attribute value in source XML file, then id value will be duplicated. The second point is that when the value of the name attribute changes, the id value also changes. However, in my case they don't really matter. The value of name attribute is unique within source file and seldom changed. So I can make id unique and almost constant enough for my case.
I am working on an email client, and I wonder what is the correct algorithm for deciding whether an attachment is a regular attachment (a downloadable file like pdf, video, audio, etc...) or an inline attachment (which is just an embedded part of an HTML letter).
Until recently, I've checked whether body type (assuming the message part is not multipart, otherwise I would recursively parse ir further) is not TEXT. That is, whether it's APPLICATION, IMAGE, AUDIO or VIDEO. If that's the case, I looked at whether the nineth element is equal to ATTACHMENT or INLINE. I thought that if it's INLINE, then it is an embedded HTML particle, rather than a regular attachment.
However, recently I have across an email that contained some HTML message body and regular attachments. The problem is that its body structure looked like this:
1. mutlipart/mixed
1.1. mutlipart/alternative
1.1.1. text/plain
1.1.2. multipart/relative
1.1.2.1. text/html
1.1.2.2. Inline jpeg
1.1.2.3. Inline jpeg
1.2. pdf inline (why 'inline'? Should be 'attachment')
1.3. pdf inline (why 'inline'? Should be 'attachment')
The question is, why downloadable pdf files are of type INLINE? And what is the appropriate algorithm for determining whether a file is embedded html particle or a downloadable file? Should I look at the parent subtype to see whether it's relative or not and disregard inline vs attachment parameters?
There really is no defined one-size-fits-all algorithm. inline or attachment is something the sender sets, and is a hint on whether they want it to be displayed inline (automatically rendered), as an attachment (displayed in a list), or neither (no preference).
There is also what is sometimes called "embedded" attachments, which are attachments with a Content-ID (this is in the body structure response) and is referenced by a cid: reference in an <img> tag or the like.
So, this pretty much has to be done heuristically.
It really depends on your needs and your clients capabilities, but here is a list of heuristics you may consider using in some combination (some of these are mutually exclusive):
If it is marked 'attachment', treat it as an attachment.
If it is marked inline, and it is something you can treat as inline (image/*, maybe text/* if you like), then it is inline.
If it has a Content-ID, treat it inline.
If it has a Content-ID, and the HTML section references it, treat it as embedded (that is, the HTML viewer will render it); If it was not referenced, treat it as inline (or attachment) as your requirements dictate.
If it is neither, and it is something you want to treat as inline, then treat it as inline.
If nothing applies, treat it as an attachment.
Ignore the disposition, and treat it as inline if you wish (such as making all images always inline)
Also, the original version of inline only meant the sender wanted it automatically rendered; this is often conflated with referenced by the HTML section (which I've called embedded). These are not quite the same.
In Firefox extension we use parseFragment (documentation) to parse a string of HTML (received from 3rd party server) into a sanitized DocumentFragment as it required by Mozilla. The only problem, the parser removes all attributes we need, for example, class attribute.
Is it possible somehow to keep class attributes while parsing HTML with parseFragment?
P.S. I know that in Gecko 14.0 they replaced this function with another which supports sanitizing parameters. But what to do with Gecko < 14.0?
No, the whitelist is hardcoded and cannot be adjusted. However, the class attribute is in the whitelist and should be kept, you probably meant the style attribute? If you need a customized behavior you will have to use a different solution (like DOMParser which can parse HTML documents in Firefox 12).
As to older Firefox versions, you can parse XHTML data with DOMParser there. If you really have HTML then I am only aware of one way to parse it without immediately inserting it into a document (which might cause various security issues): range.createContextualFragment(). You need an HTML document for that, if you don't have one - a hidden <iframe> loading about:blank will do as well. Here is how it works:
// Get the HTML document
var doc = document.getElementById("dummyFrame").contentDocument;
// Parse data
var fragment = doc.createRange().createContextualFragment(htmlData);
// Sanitize it
sanitizeData(fragment);
Here sanitizing the data is your own responsibility. You probably want to base your sanitization on Mozilla's whitelist that I linked to above - remove all tags and attributes that are not on that list, also make sure to check the links. The style attribute is a special case: it used to be insecure but IMHO no longer is given than -moz-binding isn't supported on the web any more.
I am using jQuery-File-Upload with rails 3, it works very well. But I didn't find anything about how to validate the extension or the content type of the upload file on the client-side.
Is there a way to do that?
Of cause I will anyway validate it by Paperclip at server-sid, but I think it would be better to validate it once at client-side.
acceptFileTypes
The regular expression for allowed file types, matches against either file type or file name as only browsers with support for the File API report the file type.
Type: Regular Expression
Example: /(\.|\/)(gif|jpe?g|png)$/i
See https://github.com/blueimp/jQuery-File-Upload/wiki/Options
The question implicates that you (opposite to the majority) realize that when you detect on just the extention, that you're not checking mime type.
In HTML5 you can use the accept attribute:
<input type="file" accept="video/*" />
You could use multiple (commaseperated?) values.
But the specification says space-seperated, but in reality I only see comma-seperated values.
Mind: in HTML5 capable browsers adding more validation is redundant.
But in case your question related to other use (like drag/drop file uploads), then you could use javascript in stead of jquery:
if(!(file.type.indexOf('video/') == 0)) {
alert('nope');
return false;
}
Needless to say is that you also should validate on the server side.
I have in my browser.xul code,what I am tyring to is to fetch data from an html file and to insert it into my div element.
I am trying to use div.innerHTML but I am getting an exception:
Component returned failure code: 0x804e03f7
[nsIDOMNSHTMLElement.innerHTML]
I tried to parse the HTML using Components.interfaces.nsIScriptableUnescapeHTML and to append the parsed html into my div but my problem is that style(attribute and tag) and script isn`t parsed.
First a warning: if your HTML data comes from the web then you are trying to build a security hole into your extension. HTML code from the web should never be trusted (even when coming from your own web server and via HTTPS) and you should really use nsIScriptableUnescapeHTML. Styles should be part of your extension, using styles from the web isn't safe. For more information: https://developer.mozilla.org/En/Displaying_web_content_in_an_extension_without_security_issues
As to your problem, this error code is NS_ERROR_HTMLPARSER_STOPPARSING which seems to mean a parsing error. I guess that you are trying to feed it regular HTML code rather than XHTML (which would be XML-compliant). Either way, a better way to parse XHTML code would be DOMParser, this gives you a document that you can then insert into the right place.
If the point is really to parse HTML code (not XHTML) then you have two options. One is using an <iframe> element and displaying your data there. You can generate a data: URL from your HTML data:
frame.src = "data:text/html;charset=utf-8," + encodeURIComponent(htmlData);
If you don't want to display the data in a frame you will still need a frame (can be hidden) that has an HTML document loaded (can be about:blank). You then use Range.createContextualFragment() to parse your HTML string:
var range = frame.contentDocument.createRange();
range.selectNode(frame.contentDocument.documentElement);
var fragment = range.createContextualFragment(htmlData);
XML documents don't have innerHTML, and nsIScriptableUnescapeHTML is one way to get the html parsed but it's designed for uses where the HTML might not be safe; as you've found out it throws away the script nodes (and a few other things).
There are a couple of alternatives, however. You can use the responseXML property, although this may be suboptimal unless you're receiving XHTML content.
You could also use an iframe. It may seem old-fashioned, but an iframe's job is to take a url (the src property) and render the content it receives, which necessarily means parsing it and building a DOM. In general, when an extension running as chrome does this, it will have to take care not to give the remote content the same chrome privilages. Luckily that's easily managed; just put type="content" on the iframe. However, since you're looking to import the DOM into your XUL document wholesale, you must have already ensured that this remote content will always be safe. You're evidently using an HTTPS connection, and you've taken extra care to verify the identity of the server by making sure it sends the right certificate. You've also verified that the server hasn't been hacked and isn't delivering malicious content.