[xsl] Best way to escape ' and " in XSL to HTML

Subject: [xsl] Best way to escape ' and " in XSL to HTML
From: "Koes, Derrick" <Derrick.Koes@xxxxxxxxxxxxxxxx>
Date: Thu, 10 Oct 2002 13:13:18 -0400
We are transforming XML to HTML using XSLT.  The problem is that some of the
values used to populate the HTML forms have quotes (' " ') in them.

These values seem to be in a fine state until they are used to populate HTML
input elements.  We don't URL encode/decode at the moment, but some
experimentation has shown that if the values are persisted as URL encoded
then are URL decoded and assigned to the appropriate elements AFTER the page
loads (e.g. in a onWindowLoad javascript method) things are OK.

 

We've also seen that this is only a problem when they are being assigned to
attributes, since attributes use quotes to enclose their values.

 

To summarize, it appears we will have to URL encode and URL decode all
individual values (encoding/decoding as XML does not work well) for our app
to use these values.

The second alternative, the one we've gone with, is to call a template which
escapes the quote/apostrophe.  However, doing this forces us to store the
value in javascript because \' and \" is not interpreted in an html value
attribute, but rather only as javascript.

Is this correct?  Is there a better way to solve this problem?

 

function onWindowLoad()

document.forms[0].FirstName.value = firstName;

 

...

 

<xsl:template match="Name">

 

    <xsl:variable name="escapedFirstName">

        <xsl:call-template name="escapeApos">

            <xsl:with-param name="text" select="FirstName"/>

        </xsl:call-template>

    </xsl:variable>

<script>

        var firstName = '<xsl:value-of select="$escapedFirstName"/>';

</script>

 

<table>

       <tr>

             <td class='boldSmallFont'><xsl:value-of
select="$lang.user.name.first"/><xsl:text> * </xsl:text></td>

              <td><input type="text" name="FirstName" maxlength="25"/></td>

             </tr>

...

 

<xsl:template name="escapeApos">

    <xsl:param name="text"/>

    <xsl:choose>

      <xsl:when test='contains($text, "&apos;")'>

        <xsl:variable name="bufferBefore" select='substring-before($text,
"&apos;")'/>

        <xsl:variable name="newBuffer" select='substring-after($text,
"&apos;")'/>

        <xsl:value-of select="$bufferBefore"/><xsl:text>\'</xsl:text>

        <xsl:call-template name="escapeApos">

          <xsl:with-param name="text" select="$newBuffer"/>

        </xsl:call-template>

      </xsl:when>

      <xsl:otherwise>

        <xsl:value-of select="$text"/>

      </xsl:otherwise>

    </xsl:choose>

  </xsl:template>

 

  <xsl:template name="escapeQuot">

    <xsl:param name="text"/>

    <xsl:choose>

      <xsl:when test="contains($text, '&quot;')">

        <xsl:variable name="bufferBefore" select="substring-before($text,
'&quot;')"/>

        <xsl:variable name="newBuffer" select="substring-after($text,
'&quot;')"/>

        <xsl:value-of select="$bufferBefore"/><xsl:text>\"</xsl:text>

        <xsl:call-template name="escapeQuot">

          <xsl:with-param name="text" select="$newBuffer"/>

        </xsl:call-template>

      </xsl:when>

      <xsl:otherwise>

        <xsl:value-of select="$text"/>

      </xsl:otherwise>

This electronic transmission is strictly confidential to Smith & Nephew and
intended solely for the addressee.  It may contain information which is
covered by legal, professional or other privilege.  If you are not the
intended addressee, or someone authorized by the intended addressee to
receive transmissions on behalf of the addressee, you must not retain,
disclose in any form, copy or take any action in reliance on this
transmission.  If you have received this transmission in error, please
notify the sender as soon as possible and destroy this message.


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list


Current Thread