disable-output-UNescaping

Subject: disable-output-UNescaping
From: jon wa <jonni@xxxxxxxxx>
Date: Mon, 28 Oct 2002 20:52:40 +0100 (MET)
For a project it is convenient to use XSL to generate SQL. This is because
input is XML and in the future we might use a real XML database.
Because malicious XML uploads might try to exploit the SQL, I'm worried about
certain characters, mostly quotes, apostrophes and backslashes. My idea was
to escape all these chars with the &#92; notation, but I quickly found out
that my XSL always converted this back to a real "\" and the same happened for
apostrophes.

In XSL we have disable-output-escaping to prevent characters being escaped
and I was wondering if it was possible to do the reverse and make sure that
escaped chars are not unescaped during processing.

Thanks.

jw


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list
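
Added example, not part of the original post: character references such as &#39; and &#92; are resolved by the XML parser before any stylesheet sees the data, so the generated SQL text receives the literal characters. The sketch below uses Python's standard-library parser and an in-memory SQLite database as stand-ins for the poster's XSLT processor and database (both assumptions), with a constructed upload, and compares splicing the value into the statement with binding it as a parameter.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed upload (not from the original post): the apostrophe and the
# backslash are written as character references, as the poster tried.
UPLOAD = "<user><name>O&#39;Brien &#92; Co</name></user>"


def parsed_name(xml_text):
    """Return the <name> text as the parser hands it to later processing."""
    return ET.fromstring(xml_text).findtext("name")


def naive_sql(name):
    """SQL built as text, the way a text-output stylesheet would emit it."""
    return "INSERT INTO users(name) VALUES ('" + name + "')"


def new_db():
    """Fresh in-memory database with a hypothetical users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(name TEXT)")
    return conn


def naive_insert_fails(name):
    """True if the spliced statement is rejected because the data broke it."""
    try:
        new_db().execute(naive_sql(name))
    except sqlite3.OperationalError:
        return True
    return False


def bound_insert(name):
    """Bind the value as a parameter; it is stored as data, never parsed."""
    conn = new_db()
    conn.execute("INSERT INTO users(name) VALUES (?)", (name,))
    return conn.execute("SELECT name FROM users").fetchall()


if __name__ == "__main__":
    name = parsed_name(UPLOAD)
    print(repr(name))                # references already resolved
    print(naive_sql(name))           # apostrophe ends the string literal early
    print(naive_insert_fails(name))  # statement no longer parses as intended
    print(bound_insert(name))        # value round-trips unchanged
```
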

