[xml-sig] XPath Processing

[Timothy O'Keefe]

Dear PyXML developers,

I have started a project recently consisting of a XML database and XPath
querying capability. One of the requirements for this project is meant to
address "secure XPath queries" i.e. denying queries that contain certain
syntax. In order to accomplish this, I decided that it might behoove me to
parse incoming XPath queries and analyze the AST. For example, one piece of
syntax that must be rejected is the "doc()" function (or users who concat a
doc function).

In my search for existing solutions, I found that there are surprisingly
few! A number of resources that I did reveal come from or refer to the PyXML
project. I found a nice essay on "Towards a Standard Parser Generator"
by Martin v. Löwis that mentions both PyXML and 4Suite. I installed PyXML,
perused the webpage(s) and began toying with the XPathParser class with
varying degrees of success. I think the most significant impedance is the
lack of browsable API docs or examples that use those classes. It may very
well be that those classes were ever meant for public usage.

I was hoping that you could perhaps assist me at this point. All I'm looking
for is some advice, or examples. Something that might put me on the right
track. Until now, I've been reading the PyXML source and running various
print(dir(obj)) to expose the underlying API. I really appreciate your
taking the time to read this.

Thank you,
Tim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/xml-sig/attachments/20110222/b948fd09/attachment-0001.html>