[XSL-LIST Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Converting &, >, <, ", and other odd-ball characte

Subject: Re: Converting &, >, <, ", and other odd-ball characters...
From: Mike Brown <mike@xxxxxxxx>
Date: Wed, 14 Feb 2001 23:28:55 -0700 (MST)
perl lt escape converting
Duffey, Kevin wrote:
> I am about to write a java routine that is called by every single field of
> every jsp page just to convert possible ", >, < and & as well as check for
> some other characters and strip them (such as an MS Word paste that uses
> bullets or the " " characters that use special codes for them).

I will infer from this that you are using your JSPs to make XML that
contains strings obtained from HTML form data.

> I am not sure which way to go though. Is there a way to automatically have
> XML and/or XSL convert these characters for me?

No, XSLT is only able to work with XML documents that made it through a
parser. And you'll find that string substitution in XSLT is nearly as
painful as it is in Java.

You must always escape the attribute values. You can get around the need
to escape character data content of an element by using CDATA sections,
but I think you'll find that it's actually just as easy to escape
everything. Entities aren't going to help you.

Also note that you can put your Java method in your JSP.
The following code is untested, but you get the general idea.

<%!

    // at times like these, perl would be beautiful
    private String escape( String s ) {
        StringBuffer sb = new StringBuffer();
        for ( int i = 0; i < s.length(); i++ ) {
            switch ( s.charAt(i) ) {
                case '&': sb.append("&amp;");
                          break;
                case '<': sb.append("&lt;");
                          break;
                case '>': sb.append("&gt;");
                          break;
                default: sb.append( s.charAt(i) );
            }
        }
        return sb.toString();
    }

%>

...

<%
   String somexml = new String( "<stuff>" + escape(getParameter("foo")) + "</stuff>" );
%>

   - Mike
____________________________________________________________________
Mike J. Brown, software engineer at            My XML/XSL resources: 
webb.net in Denver, Colorado, USA              http://skew.org/xml/


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list


Current Thread

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.