[lxml-dev] Preventing XPath injection
Ian Bicking
ianb at colorstudy.com
Sun Sep 7 19:16:25 CEST 2008
Geoffrey Sneddon wrote:
> On 6 Sep 2008, at 18:52, Alex Klizhentas wrote:
>
>> That's strange, I thought it should be quoted like: '
>
> Nope. A string is "[^"]*" or '[^']*' — it is exactly what is between
> the quotes.

When I was trying to figure out CSS to XPath translation, I tried to
figure out how string quoting worked in XPath. Unfortunately I couldn't
find any reference to string quoting in the specs (though of course I
might have missed it). This seemed like a very peculiar omission.
--
Ian Bicking : ianb at colorstudy.com : http://blog.ianbicking.org
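
The rule quoted in this message (a literal is exactly what lies between the quotes, with no escape syntax) means a value containing both quote characters cannot be written as a single literal. The following is an added example, not part of the original message or of lxml's code: `xpath_literal` and `decode` are hypothetical helper names, the sample values are constructed, and mixed-quote values are joined with XPath's `concat()`.

```python
import re

# Grammar quoted in the thread: "[^"]*" or '[^']*', with no escape syntax.
LITERAL = re.compile(r'"[^"]*"|\'[^\']*\'')


def xpath_literal(value: str) -> str:
    """Return an XPath 1.0 expression that evaluates to exactly `value`."""
    if '"' not in value:
        return f'"{value}"'
    if "'" not in value:
        return f"'{value}'"
    # Both quote kinds present: split on " and rejoin through concat(),
    # writing each " as the single-quoted literal '"'.
    parts = []
    for i, chunk in enumerate(value.split('"')):
        if i:
            parts.append("'\"'")
        if chunk:
            parts.append(f'"{chunk}"')
    return "concat(" + ", ".join(parts) + ")"


def decode(expr: str) -> str:
    """Read the expression back using only the LITERAL grammar above."""
    if LITERAL.fullmatch(expr):
        return expr[1:-1]
    if not (expr.startswith("concat(") and expr.endswith(")")):
        raise ValueError("not a literal or a concat() of literals")
    body, pos, out = expr[len("concat("):-1], 0, []
    while True:
        m = LITERAL.match(body, pos)
        if m is None:
            raise ValueError(f"expected a string literal at offset {pos}")
        out.append(m.group()[1:-1])
        pos = m.end()
        if pos == len(body):
            return "".join(out)
        if not body.startswith(", ", pos):
            raise ValueError(f"expected ', ' at offset {pos}")
        pos += 2


# Constructed sample values covering each quoting case.
SAMPLES = ["plain", "O'Brien", 'say "hi"', 'O\'Brien said "hi"', "\"'", ""]

if __name__ == "__main__":
    for v in SAMPLES:
        print(repr(v), "->", xpath_literal(v))
```

Where lxml is the evaluator, passing the value as an XPath variable (`tree.xpath('//user[@name=$n]', n=value)`) avoids building a literal at all.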