In search of XHTML guidance

higher guidance I've got yesterday's example working in Mozilla now as well, thanks to Bob Clary, who wrote to say:

There are two issues in Mozilla, Firebird and other Gecko-based browsers which cause your example to fail.

1. There is a Cross Domain issue in terms of accessing the content on the Tag site. Not only are you reading content you are actually writing to the DOM cross domain. To support this you need to enable privileges to allow cross domain read and write.

Add the following to the MOZtransform function after the beginning of the function.

netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserRead UniversalBrowserWrite');

If the user does not grant permission it will throw an exception so you probably want it in a try catch block.

You will need to enable the ability to override security. I am not sure how to do that in Firebird but in Mozilla and Netscape 7.1 you can either add the required preference in about:config or install the user.xpi from http://devedge.netscape.com/toolbox/examples/2003/CSpider/

http://devedge.netscape.com/toolbox/examples/2003/CSpider/user.xpi

which adds the preference user_pref("signed.applets.codebase_principal_support", true);

2. The second issue is that the document http://www.w3.org/TR/2003/WD-webarch-20030627/ is NOT XML. It is HTML as you can see by the Content Type returned by the server. xml.load actually results in an EMPTY xml document since the source URI is HTML. There are ways to get around this by using XMLHttpRequest and forcing the Content Type.

This is a common issue in the current use of XHTML served as HTML. Complain to the Tag that they should be serving XHTML as application/xhtml+xml or as text/xml but not as text/html!

Thanks Bob! After invoking http://devedge.netscape.com/toolbox/examples/2003/CSpider/user.xpi and adding the enablePrivilege call to the script, I used this approach to load the XML:

try
    {
    var myXMLHTTPRequest = new XMLHttpRequest(); 
    myXMLHTTPRequest.open("GET", xmlurl, false); 
    myXMLHTTPRequest.send(null);                 
    var xmltext = myXMLHTTPRequest.responseText;          
    var xml = document.implementation.createDocument("", "xml", null);
    var objDOMParser = new DOMParser();
    var objDoc = objDOMParser.parseFromString(xmltext, "text/xml");
    while (xml.hasChildNodes())
        xml.removeChild(xml.lastChild); 
    for (var i=0; i < objDoc.childNodes.length; i++)
        {
        var objImportedNode = xml.importNode(objDoc.childNodes[i], true);
        xml.appendChild(objImportedNode);
        }
    }
xpath local search in firebird
xpath local search in firebird

The security stuff (in either browser) is a bit scary, but note that it is not central to what's being illustrated in my example. Had I asked for and received permission to serve the TAG's document from my site, or were the viewer being served from the TAG's site, there would be no cross-domain conflict.

As to the issue about which content-type to use, I am no expert but Bob's message reminded me of Ian Hixie's note, Sending XHTML as text/html Considered Harmful. The upshot of this very well-reasoned brief is stated at the beginning:

It is suggested that XHTML delivered as text/html is broken and XHTML delivered as text/xml is risky, so authors intending their work for public consumption should stick to HTML 4.01.

I have long been fascinated by the notion that XHTML can be a best-of-both-worlds approach, combining the immediate accessibility of HTML (i.e., no transformation needed to read it in a browser) with the advanced capabilities of XML (e.g., the kinds of dynamic XPath-driven views my example illustrates). It seems to be unclear, at the moment, how or even whether to use XHTML in this best-of-both-worlds way. I will be on the lookout for guidance.


Former URL: http://weblog.infoworld.com/udell/2003/07/02.html#a736