[XSL-LIST Mailing List Archive Home]
[Reply To This Message]
Re: xml/xsl character escaping in user entered data
Subject: Re: xml/xsl character escaping in user entered data|
From: Julian Reschke <julian.reschke@xxxxxx>
Date: Sun, 04 Apr 2004 22:15:34 +0200
Jonathan Kart wrote:
I have a relatively simple problem to solve, but as a newcomer to
xml/xsl, I could use some help.
I have data in a database which is retrieved and published to the web
but processing the db into xml and then converted to html via xsl
transformations. My issue is that non-technical users enter the data
into the database. I need to insure the following goals:
1. nothing the users enter can cause the subsequent xml files to be
2. any intra-content html formatting they enter is preserved after the
xsl transformations are complete. For example, user data such as:
"Here is the <b>Title</b> of my article"
needs to be preserved exactly so the browser will bold the "Title".
I have tried:
1. escaping any invalid xml chars with entity references. this
achieves the first but not the second goal.
2. wrapping all user entered data with <![CDATA]> sections in the
xml. This prevents any user entered data from breaking the subsequent
xml file, but escapes any valid internal formatting once the xsl
transformation is complete.
I'm not sure how to proceed.. Any help is greatly appreciated.
Although, I'm not at liberty to alter the process of db ---> xml --(via
xslt)--> html. So system design suggestions won't aide me. I'm just
looking for a way to solve this particular problem.
At some point, you'll have to run the markup entered by the user through
a process that makes it wellformed XML; usually people suggest using the
W3C's "tidy" tool to do that.
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
PURCHASE STYLUS STUDIO ONLINE TODAY!
Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!
Download The World's Best XML IDE!
Accelerate XML development with our award-winning XML IDE - Download a free trial today!
Subscribe in XML format