Re: xml/xsl character escaping in user entered data
Ken's suggestion will work; note however that it opens a possible security hole where users will be able to insert executable script into the database which will propagate later into the client's browsers. If these are running in a "trusted" security zone (quite common in a company's intranet), it will be able to more or less execute arbitrary code (at least when run IE with active scripting enabled).
I'd recommend to tidy the input into XHTML, and then use XSLT just to copy over those XHTML elements considered "safe" (such as <b>, <i>), filtering out everything else.
-- <green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
PURCHASE STYLUS STUDIO ONLINE TODAY!
Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!
Download The World's Best XML IDE!
Accelerate XML development with our award-winning XML IDE - Download a free trial today!
Subscribe in XML format