<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 11/02/2017 11:19 PM, Artyom
      Shalkhakov wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAKO6=qhSS3TDLHYWQX9EQPO4-nJU-YXyqNwzWnStCT7uWUC3sA@mail.gmail.com">
      <div dir="ltr">2017-11-03 1:59 GMT+06:00 Peter Brottveit Bock <span
          dir="ltr"><<a href="mailto:post@peterbb.net"
            target="_blank" moz-do-not-send="true">post@peterbb.net</a>></span>:<br>
        <div class="gmail_extra">
          <div class="gmail_quote">
            <blockquote class="gmail_quote" style="margin:0px 0px 0px
              0.8ex;border-left:1px solid
              rgb(204,204,204);padding-left:1ex">It seems to me that
              it's not possible to store xml in a database. Is there any
              reason for this?<br>
              <br>
            </blockquote>
            <div><br>
            </div>
            <div>Storing it in a database is prone to XML/HTML injection
              (therefore the general case is disallowed).</div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
    Right, that's true.  However, it shouldn't be a concern when only
    your Ur/Web app accesses that database.<br>
    <br>
    Still, overnight I thought of another issue: legitimate JavaScript
    code within HTML fragments can become illegitimate across versions
    of your Ur/Web app!  A global identifier may no longer exist,
    causing an unbound-identifier exception when using HTML retrieved
    from the database.  To me, this is the kiss of death, reminding me
    why this feature deserves to be left out.<br>
  </body>
</html>