Subject: [xsl] disable-output-UNescaping From: jon wa <jonni@xxxxxxxxx> Date: Mon, 28 Oct 2002 20:52:40 +0100 (MET) |
For a project it is convenient to use XSL to generate SQL. This is because input is XML and in the future we might use a real XML database. Because malicious XML uploads might try to exploit the SQL I'm worried about certain characters, mostly quotes, apostrophes and backslashes. My idea was to escape all these chars with the \ notation but I quickly found out that my XSL always converted this back to a real "\" and the same happened for apostrophes. In xsl we have disable-output-escaping to prevent characters being escaped and I was wondering if it was possible to do the reverse and make sure that escaped chars are not unescaped during processing. Thanks. jw -- +++ GMX - Mail, Messaging & more http://www.gmx.net +++ NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen! XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
[no subject], rhodespc | Thread | Re: [xsl] disable-output-UNescaping, Mike Brown |
[xsl] Encoding/Entities problems, Paulo \(Shape.Tech\) | Date | RE: [xsl] Role of XSLT?, jeremyf |
Month |