24 August 2003
Comment validation using a modified XHTML Simple schema. Test it, break it, tell me about it.
With a schema (after some trouble), the code to validate comments is easy. Also includes bonus javascript link removal.
We need three objects here, all part of MSXML.
Set Schema = Server.CreateObject("Msxml2.DOMDocument.4.0")
Set SchemaCache = Server.CreateObject("Msxml2.XMLSchemaCache.4.0")
Set Comment = Server.CreateObject("Msxml2.DOMDocument.4.0")
Load the schema.
Schema.ASync = False
Schema.Load Server.MapPath("xhtml.xsd")
SchemaCache stores a reference to the schema, and is then referenced in Comment.
SchemaCache.Add "http://www.w3.org/1999/xhtml", Schema
Set up a few things to load user input — without PreserveWhiteSpace it messes things up — as well as getting SchemaCache involved.
With Comment
.Schemas = SchemaCache
.SetProperty "SelectionNamespaces", "xmlns:xhtml='http://www.w3.org/1999/xhtml'"
.PreserveWhiteSpace = True
End With
Body here is the user input: remember to first check there is some. It needs to be wrapped in something, and div makes more sense to me than body for comments. If you like, you can escape ampersands: I do now, but it’s not essential as long as people know how to fix it.
Comment.LoadXML("<divhttp://www.w3.org/1999/xhtml"">" & vbNewLine & Body & vbNewLine & "</div>")
Make sure there’s nothing wrong; if there is, you can get more information with the ParseError object.
If Comment.ParseError.ErrorCode = 0 Then
This is how we strip links. The a tag remains, but any href that starts with
‘javascript:’
is stripped. A little bit of XPath here as well.
Don’t worry about CSS, by the way: suggest link styles correctly.
Set Links = Comment.SelectNodes("//xhtml:a[starts-with(@href, 'javascript:')]")
For I = 0 To Links.Length - 1
Links(I).Attributes.RemoveNamedItem("href")
Next
End If
I repeat this then for blockquote
cite attributes, as I use a script.
That’s about it. I said it was easy.