RE: [xsl] Parsing Input Data for well-formedness

Subject: RE: [xsl] Parsing Input Data for well-formedness
From: "McKeever, Marty" <marty.mckeever@xxxxxxxxxxxxxxxxx>
Date: Tue, 09 Oct 2001 16:24:46 -0400
I've two possible scenarios to worry about:
1. data coming from a database:
<p><%= bean.getCompanyName() %></p>
  or
<input type="text" value="<%=bean.getLoanType()%>" />

2. form data input by the user
<p><%= request.getParameter("Comments") %></p>

so what i'm hoping for is some kind of XMLSafe(String) method that will
guarantee that the output is well formed -- but wont add anything it doesnt
need to.
String Comments = "That's all, Over & Out";
XMLSafe(Comments) -> "That&apos;s all, Over &amp; Out"

You never know what a user mught type into a textarea for comments.  I want
to guarantee that it can be displayed upon receipt.  I guess i'll have to
write (yet another) wheel from scratch...



> -----Original Message-----
> From: Wendell Piez [mailto:wapiez@xxxxxxxxxxxxxxxx]
> Sent: Tuesday, October 09, 2001 2:41 PM
> To: xsl-list@xxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [xsl] Parsing Input Data for well-formedness
> 
> 
> Marty,
> 
> The only characters you need to worry about are '&' and '<'. XML is 
> deliberately put together this way.
> 
> Why are double escapings a problem? you just have to find, 
> and escape, any 
> '&' or '<' that is not a markup delimiter.
> 
> How bad the problem is depends on what's coming in. If it's 
> well-formed XML 
> (which you've said it isn't, I know),  all '&' and '<' are markup 
> delimiters except those in CDATA marked sections. If it's 
> plain text, none 
> of them will be markup delimiters since there's no markup. If it's 
> something else, things get trickier. HTML would be such a format, or 
> non-well-formed pseudo-XML fragments. In this case, you need 
> to know not 
> only what you want from these characters (that's pretty easy: 
> &amp; or 
> &lt;), but also what you want to happen to your markup (and 
> how you tell 
> it's markup).
> 
> Which of these do you have?
> 
> Cheers,
> Wendell
> 
> At 01:45 PM 10/9/01, you wrote:
> >When building an XML file from external data, we need to 
> validate that each
> >input string is well-formed.  The specific situation is a 
> Loan Type field
> >which returns "A&D".  Before we populate our XML file, we 
> need to convert
> >this to "A&amp;D".  Otherwise the XSLT will complain and not 
> render the
> >final page.
> >
> >Before we build a utility class for checking/correcting 
> these (all?!?) input
> >strings, i have to ask the obvious -- has anyone already 
> created something
> >like this?  Certainly there are many other characters we will need to
> >consider, and we'll have to watch out for double-escaping things
> >(A&amp;amp;D).
> >
> >Must i reinvent this wheel?
> 
> 
> ======================================================================
> Wendell Piez                            mailto:wapiez@xxxxxxxxxxxxxxxx
> Mulberry Technologies, Inc.                http://www.mulberrytech.com
> 17 West Jefferson Street                    Direct Phone: 301/315-9635
> Suite 207                                          Phone: 301/315-9631
> Rockville, MD  20850                                 Fax: 301/315-8285
> ----------------------------------------------------------------------
>    Mulberry Technologies: A Consultancy Specializing in SGML and XML
> ======================================================================
> 
> 
>  XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list
> 

 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list


Current Thread