xml-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Timothy Jones" <Timothy.Jo...@syniverse.com>
Subject RE: [Announce] Escaping double quotation marks in XSL
Date Wed, 24 Oct 2007 16:52:26 GMT
In the detested example
    > <xsl:template match="image">
    >  <![CDATA[ <image]>><xsl:apply-templates select="@*"/> <![CDATA[
    > </xsl:template>
I didn't see any attempt to inject double quotes (I'll even admit to not
reading the subject line!).
But for inserting arbitrary characters (even metacharacters) without
escaping, maybe the disable-output-escaping attribute of <xsl:value-of>
and <xsl:text> would be useful.  In my application I have an
XSL-generated HTML page with hyperlinks with GET parameters, and I use
<xsl:value-of disable-output-escaping='yes'> to prevent the & characters
in my GET URLs from being converted to &amp;.  Since = -> &quot; is a
similar encoding to & -> &amp;, wouldn't this help?
I apologize if I am missing the point...
-----Original Message-----
From: Brian Minchau [mailto:minchau@ca.ibm.com
<mailto:minchau@ca.ibm.com> ]
Sent: Wednesday, October 24, 2007 12:31 PM
To: Timothy Jones
Cc: general@xml.apache.org; tranceradi@hotmail.com;
Subject: RE: [Announce] Escaping double quotation marks in XSL

well, .... yes, .... but I think that trying to inject double quotes
into the attribute value (with modifications to you suggestion)  in this
way will only get them escaped as &quot; which is not what the user

- Brian





View raw message