[XSL-LIST Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: Converting &, >, <, ", and other odd-ball characte

Subject: RE: Converting &, >, <, ", and other odd-ball characters...
From: "Michael Kay" <mhkay@xxxxxxxxxxxx>
Date: Thu, 15 Feb 2001 19:28:50 -0000
jsp string escape html
Well, I'd say your code is still pretty inefficient. You create a new
StringBuffer() on each call, even when it's not needed. Take a look at the
code in Saxon's XMLEmitter.

Mike Kay

> -----Original Message-----
> From: owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx
> [mailto:owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx]On Behalf Of
> Kevin Duffey
> Sent: 15 February 2001 16:28
> To: xsl-list@xxxxxxxxxxxxxxxxxxxxxx
> Subject: RE:  Converting &, >, <, ", and other odd-ball
> characters...
>
>
> Thanks Mike.  I did something similar. Basically, I created a
> static final
> method like so:
>
>
>
>   private static final String[] HTMLChars   = new
ing[]{ 
> "&", "\"", "<",
> ">"};
>   private static final String[] HTMLRepl    = new String[]{"&amp;",
> "&quot;", "&lt;", "&gt;"};
> 
>   public static final String decodeHtml(String value)
>   {
>     return decode(value, HTMLChars, HTMLRepl);
>   }
> 
> 
>   public static final String decode(String value, String[] 
> chars, String[]
> repl)
>   {
>     // return null if the value, chars[], repl[] are null or 
> the number
>     // of elemetns of the chars[] and repl[] are not the same.
>     if( value == null || chars == null || repl == null || 
> chars.length !=
> repl.length )
>       return null;
> 
>     int sze = chars.length;
>     StringBuffer sb = new StringBuffer(value);
>     for( int cntr = 0; cntr < sze; cntr++ )
>     {
>       int curPos = 0;
>       int oldPos = 0;
> 
>       while( (curPos = sb.toString().indexOf(chars[cntr], 
> oldPos)) > -1 )
>       {
>         // found a match, so replace this occurrence of the string
>         // with the same element in the repl[] array
>         sb.replace(curPos, curPos + chars[cntr].length(), repl[cntr]);
>         oldPos = curPos + chars[cntr].length() + 1;
>       }
>     }
> 
>     return sb.toString();
>   }
> 
> 
> This method works, so long as the first char[] is '&'. I am 
> not sure if this
> is as fast though..so I think I am going to use yours (and 
> another person
> sent me a similar routine) I get the feeling the 
> sb.toString() call on each
> iteration is slower than just looking at every character one 
> at a time. I
> thought the sb.charAt() was slow? That is why I opted for using the
> indexOf() search, as I read that it is very effecient. I'll keep both
> routines and one day to a performance analysis of them. This 
> is definitely
> one method that needs to be all it can be, since it will be 
> needed on almost
> every page and every form.
> 
> Thanks.
> 
> > -----Original Message-----
> > From: owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx
> > [mailto:owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx]On Behalf Of 
> Mike Brown
> > Sent: Wednesday, February 14, 2001 10:29 PM
> > To: xsl-list@xxxxxxxxxxxxxxxxxxxxxx
> > Subject: Re:  Converting &, >, <, ", and other odd-ball
> > characters...
> >
> >
> > Duffey, Kevin wrote:
> > > I am about to write a java routine that is called by every
> > single field of
> > > every jsp page just to convert possible ", >, < and & as well
> > as check for
> > > some other characters and strip them (such as an MS Word 
> paste that uses
> > > bullets or the " " characters that use special codes for them).
> >
> > I will infer from this that you are using your JSPs to make XML that
> > contains strings obtained from HTML form data.
> >
> > > I am not sure which way to go though. Is there a way to
> > automatically have
> > > XML and/or XSL convert these characters for me?
> >
> > No, XSLT is only able to work with XML documents that made 
> it through a
> > parser. And you'll find that string substitution in XSLT is 
> nearly as
> > painful as it is in Java.
> >
> > You must always escape the attribute values. You can get 
> around the need
> > to escape character data content of an element by using 
> CDATA sections,
> > but I think you'll find that it's actually just as easy to escape
> > everything. Entities aren't going to help you.
> >
> > Also note that you
 can put your Java method in your JSP.
> > The following code is untested, but you get the general idea.
> >
> > <%!
> >
> >     // at times like these, perl would be beautiful
> >     private String escape( String s ) {
> >         StringBuffer sb = new StringBuffer();
> >         for ( int i = 0; i < s.length(); i++ ) {
> >             switch ( s.charAt(i) ) {
> >                 case '&': sb.append("&amp;");
> >                           break;
> >                 case '<': sb.append("&lt;");
> >                           break;
> >                 case '>': sb.append("&gt;");
> >                           break;
> >                 default: sb.append( s.charAt(i) );
> >             }
> >         }
> >         return sb.toString();
> >     }
> >
> > %>
> >
> > ...
> >
> > <%
> >    String somexml = new String( "<stuff>" +
> > escape(getParameter("foo")) + "</stuff>" );
> > %>
> >
> >    - Mike
> > ____________________________________________________________________
> > Mike J. Brown, software engineer at            My XML/XSL resources:
> > webb.net in Denver, Colorado, USA              http://skew.org/xml/
> >
> >
> >  XSL-List info and archive:
http://www.mulberrytech.com/xsl/xsl-list
>
>


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list


Current Thread

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.