CODEWITHSUNDEEP
javascriptxmlxquery
Fongios
Fongios

Reputation: 49

dynamically execute xquery within Javascript and store the result in a JS variable

Here's what I want to do:

Execute dynamically an XQUERY contained in a Javascript variable example

var myxquery = For Channels.Channel

where Channel/availability = yes

And Channels.Channel/Label = 'CNN'

Return  EXIST(Channels.Channel/Id)';

var xmltoparse= '<channel>
<available>yes</available>
<label>CNN</label>
</channel>
<channel>
<available>yes</available>
<label>BBC</label>
</channel>'

That will imply executing the var myxquery against the var xmltoparse and store the result of the xquery in another var.

Is it possible?

Upvotes: 0

Views: 1626

Answers (2)

grtjn
grtjn

Reputation: 20414

If you are looking for running XQuery client-side in for instance a webbrowser, I'd recommend looking into the mxquery based solution called XQIB (XQuery In the Browser):

http://www.xqib.org/

To my knowledge it allows calling JavaScript functions from XQuery, and the other way around should be possible too.

In case the idea of running XML standards client-side in browser appeals you, you might also be interested in Saxon-CE:

http://www.saxonica.com/ce/index.xml

And depending on what you are actually trying to achieve, using XForms might be interesting for you too. It allows holding an (XML) data model within your page, and applying various dynamic evaluations. There are some client-side implementations, of which XSLTForms is a pretty good one:

http://www.agencexml.com/xsltforms

HTH!

Upvotes: 2

wst
wst

Reputation: 11771

Yes, by using eval(). But that will expose your webservice to injection attacks (and this specific pattern will make it really easy). This is why it is generally not recommended, ever.

However, if you needed to do it anyway, you could create an XQY endpoint that takes a string as a parameter and then passes the value of that string to eval(). The exact way to inboke eval() will vary based on your XQuery processor, since it's not defined in the spec. I.e.: In eXist, it's util:eval(); in MarkLogic it's xdmp:eval(); etc.

If you must use this pattern, then use every means necessary to lock it down: strong authentication, limit the capabilities of the user executing the eval, maybe even inspect the string before executing it.

Upvotes: 0

Related Questions