<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 11/02/2017 11:19 PM, Artyom
Shalkhakov wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAKO6=qhSS3TDLHYWQX9EQPO4-nJU-YXyqNwzWnStCT7uWUC3sA@mail.gmail.com">
<div dir="ltr">2017-11-03 1:59 GMT+06:00 Peter Brottveit Bock <span
dir="ltr"><<a href="mailto:post@peterbb.net"
target="_blank" moz-do-not-send="true">post@peterbb.net</a>></span>:<br>
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">It seems to me that
it's not possible to store xml in a database. Is there any
reason for this?<br>
<br>
</blockquote>
<div><br>
</div>
<div>Storing it in a database is prone to XML/HTML injection
(therefore the general case is disallowed).</div>
</div>
</div>
</div>
</blockquote>
<br>
Right, that's true. However, it shouldn't be a concern when only
your Ur/Web app accesses that database.<br>
<br>
Still, overnight I thought of another issue: legitimate JavaScript
code within HTML fragments can become illegitimate across versions
of your Ur/Web app! A global identifier may no longer exist,
causing an unbound-identifier exception when using HTML retrieved
from the database. To me, this is the kiss of death, reminding me
why this feature deserves to be left out.<br>
</body>
</html>