On Semantics

People like this commenter on Simon's blog drive me nuts enough to make me want to post about it.

you clearly do not understand the idea of a 'semantic' web. Using xml makes it possible to use that information on other places, you can include it in an xml document, like xhtml, using xlink to point to certain data elements. And another advantages: Your data is tagged. You have given it semantic meaning. [emphasis mine]

Please. As if <foo>bar</foo> has any more "semantic meaning" ^[1] than "foo": "bar". Symbols have meaning when some agent imparts meaning to them. I.e. something has meaning when some person or thing understands it to have a certain meaning. Just because something is "tagged" doesn't give that something any meaning. The tags have to be interpreted by some intelligence, that intelligence being either a person, or by proxy, code that a person has written to "understand" those tags by performing some action based on them. "foo":... can be interpreted just the same as <foo>...</foo> can. Get off your high horse.

(Incindentally, the epistemelogical need for unity of meaning, to me, is a very strong argument for God as the foundation of meaning. But that's a separate discussion.)

Footnotes:
[1]: this phrase irks the hell out of me as well. It's redundant. Only people who want to use more words to make themselves sound intelligent talk about "semantic meaning"

Permalink | 3 Comments | Tags: Json, Philosophy, XML | id 8170

14:17 (utc-6)
edited: 14:32 (utc-6)

 

Server-based XSLT transformations -- secure?

Say for the sake of discussion that I wanted to provide a service for people to transform XML documents by uploading their own XSLT files to my server. How insecure is this?

I know XSLT can get you into infinite recursion, but some kind of time limit on the script along with appropriate error handling would probably be enough to make that not too much of an issue. Potentially worse are things like the document() function that can suck any XML document into the stylesheet -- a person could make the server repeatedly download huge XML files in an attempt to cripple the server. I would hope that any XSLT processor I used would allow me to disable the document() function.

Are there any other security considerations to worry about with allowing people to execute arbitrary XSLT on your server?

Permalink | Comments? | Tags: XSLT | id 5000

05:26 (utc-4)

 

XPath and XSLT

It's time for me to learn XPath and XSLT. If anyone can recommend any references, tutorials, or books, I'd be very grateful.

I'm using the Python bindings for libxml2, and I kind of feel like I'm feeling around in the dark. It took me a while to figure out how to run an XPath expression using namespaces (and it took me a while to figure out that the reason my XPath expressions weren't working is because I needed to use namespaces in them).

Update: Well, I think I'm now on my way to being an XPath expert , but I get these xmlNode objects back and I'm not sure how to traverse them. node.children only seems to give me the text nodes, not a tree of all of its children.

Update again: I only have two questions: How do I execute an XPath expression from an arbitrary point in the document (not just from the root), and how come .children only seems to give me the first child? (From there I'm able to get the other siblings with .next)

Update: Argh! According to this diagram, .children only points to the head of the children (doubly-linked) list! I figured it would return a list of elements, just as xpathEval() did, though the underlying return value for that is xmlNodeSet, so that's why it wound up as a Python list.

Now I only need to figure out how to run an XPath expression from an arbitrary point in the document and I think I have everything I need.

Permalink | Comments? | Tags: XSLT | id 4953

13:34 (utc-4)
edited: 16:26 (utc-4)