RE: [xsl] Converting &, >, <, ", and other odd-ball characters...

["Kevin Duffey" <kevin.duffey@xxxxxxxx>]

Oh yeah..not sure if you know this or not, but a "performance" tip..

whenever you use a for loop, set the target outside of the for loop (or in
its initialization):

int sze = s.length();
for( int i = 0; i < sze; i++ )
{
}

or

for( int i = 0, sze=s.length(); i<sze; i++)
{
}

also, you left out the

  case '"': sb.append("&quot;");
            break;



Lastly, can you think of any other characters that are a problem when used
in input boxes, text areas, or drop-downs that need to be converted?

Thanks again.


> -----Original Message-----
> From: owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx
> [mailto:owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx]On Behalf Of Mike Brown
> Sent: Wednesday, February 14, 2001 10:29 PM
> To: xsl-list@xxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [xsl] Converting &, >, <, ", and other odd-ball
> characters...
>
>
> Duffey, Kevin wrote:
> > I am about to write a java routine that is called by every
> single field of
> > every jsp page just to convert possible ", >, < and & as well
> as check for
> > some other characters and strip them (such as an MS Word paste that uses
> > bullets or the " " characters that use special codes for them).
>
> I will infer from this that you are using your JSPs to make XML that
> contains strings obtained from HTML form data.
>
> > I am not sure which way to go though. Is there a way to
> automatically have
> > XML and/or XSL convert these characters for me?
>
> No, XSLT is only able to work with XML documents that made it through a
> parser. And you'll find that string substitution in XSLT is nearly as
> painful as it is in Java.
>
> You must always escape the attribute values. You can get around the need
> to escape character data content of an element by using CDATA sections,
> but I think you'll find that it's actually just as easy to escape
> everything. Entities aren't going to help you.
>
> Also note that you can put your Java method in your JSP.
> The following code is untested, but you get the general idea.
>
> <%!
>
>     // at times like these, perl would be beautiful
>     private String escape( String s ) {
>         StringBuffer sb = new StringBuffer();
>         for ( int i = 0; i < s.length(); i++ ) {
>             switch ( s.charAt(i) ) {
>                 case '&': sb.append("&amp;");
>                           break;
>                 case '<': sb.append("&lt;");
>                           break;
>                 case '>': sb.append("&gt;");
>                           break;
>                 default: sb.append( s.charAt(i) );
>             }
>         }
>         return sb.toString();
>     }
>
> %>
>
> ...
>
> <%
>    String somexml = new String( "<stuff>" +
> escape(getParameter("foo")) + "</stuff>" );
> %>
>
>    - Mike
> ____________________________________________________________________
> Mike J. Brown, software engineer at            My XML/XSL resources:
> webb.net in Denver, Colorado, USA              http://skew.org/xml/
>
>
>  XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list
>
>


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list