[xsl] disable-output-UNescaping

Subject: [xsl] disable-output-UNescaping
From: jon wa <jonni@xxxxxxxxx>
Date: Mon, 28 Oct 2002 20:52:40 +0100 (MET)
For a project it is convenient to use XSL to generate SQL. This is because
input is XML and in the future we might use a real XML database.
Because malicious XML uploads might try to exploit the SQL I'm worried about
certain characters, mostly quotes, apostrophes and backslashes. My idea was
to escape all these chars with the &#92; notation but I quickly found out
that my XSL always converted this back to a real "\" and the same happened for
apostrophes.

In xsl we have disable-output-escaping to prevent characters being escaped
and I was wondering if it was possible to do the reverse and make sure that
escaped chars are not unescaped during processing.

Thanks.

jw

-- 
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen!


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list


Current Thread