Re: [xsl] Converting &, >, <, ", and other odd-ball characters...

Subject: Re: [xsl] Converting &, >, <, ", and other odd-ball characters...
From: Mike Brown <mike@xxxxxxxx>
Date: Wed, 14 Feb 2001 23:28:55 -0700 (MST)
Duffey, Kevin wrote:
> I am about to write a java routine that is called by every single field of
> every jsp page just to convert possible ", >, < and & as well as check for
> some other characters and strip them (such as an MS Word paste that uses
> bullets or the " " characters that use special codes for them).

I will infer from this that you are using your JSPs to make XML that
contains strings obtained from HTML form data.

> I am not sure which way to go though. Is there a way to automatically have
> XML and/or XSL convert these characters for me?

No, XSLT is only able to work with XML documents that made it through a
parser. And you'll find that string substitution in XSLT is nearly as
painful as it is in Java.

You must always escape the attribute values. You can get around the need
to escape character data content of an element by using CDATA sections,
but I think you'll find that it's actually just as easy to escape
everything. Entities aren't going to help you.

Also note that you can put your Java method in your JSP.
The following code is untested, but you get the general idea.


    // at times like these, perl would be beautiful
    private String escape( String s ) {
        StringBuffer sb = new StringBuffer();
        for ( int i = 0; i < s.length(); i++ ) {
            switch ( s.charAt(i) ) {
                case '&': sb.append("&amp;");
                case '<': sb.append("&lt;");
                case '>': sb.append("&gt;");
                default: sb.append( s.charAt(i) );
        return sb.toString();



   String somexml = new String( "<stuff>" + escape(getParameter("foo")) + "</stuff>" );

   - Mike
Mike J. Brown, software engineer at            My XML/XSL resources: in Denver, Colorado, USA    

 XSL-List info and archive:

Current Thread