RE: [xsl] Using Transforms and #include file

Subject: RE: [xsl] Using Transforms and #include file
From: "Chris Bayes" <chris@xxxxxxxxxxx>
Date: Tue, 13 Nov 2001 17:28:53 -0000
I don't think there is anything at this level you can do to stop your
script being seen.
Putting it in the page using innerHTML means that it can't be see by
doing a view source but the script has to come from somewhere so all you
have to do is trace where it comes from.
There is a way around the script not working when you do innerHTML =
something cotaining a script; and that is to use the eval function i.e.

It is probably a result of a transform that ends up in scrAndHtml

var scrAndHtml = "...<script id=someScript lang=javascript>function

Somediv.innerHTML = scrAndHtml;

If you want to hide your script have a look at which
is a quick tip o how to obfuscate your xslt but it does it by using the
javascript encoder.

Ciao Chris

XML/XSL Portal

> -----Original Message-----
> From: owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx 
> [mailto:owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of 
> Hellstern, Manny
> Sent: 13 November 2001 16:24
> To: 'xsl-list@xxxxxxxxxxxxxxxxxxxxxx'
> Subject: RE: [xsl] Using Transforms and #include file
> I'm doing that currently. There are two reasons for what I'm 
> trying to do this
> 1.  My site has a lot of functionality all in one page 
> because of the ".innerHTML" technique I'm using.  I only need 
> specific scripts for specific content so I didn't want to 
> mass load all script.
> 2. When I use the ".innerHTML" method I notice that 
> eventhough you can see the representation with the browser, 
> if you try to "viewsource" nothing shows up. I'm thinking 
> that If I output my script in the same manner I don't have to 
> bare my "script soul" to the world.
> -----Original Message-----
> From: Hunsberger, Peter [mailto:Peter.Hunsberger@xxxxxxxxxx]
> Sent: Tuesday, November 13, 2001 10:07 AM
> To: 'xsl-list@xxxxxxxxxxxxxxxxxxxxxx'
> Subject: RE: [xsl] Using Transforms and #include file
> > Is it possible to have something like the following output 
> from XSL so
> that
> > the actual script gets inserted?  I was trying to avoid actually 
> > putting
> all
> > of my script into the XSL file.
> Why not just have your HTML include the scripts at run time 
> as external files?  
> I.e. output something like:
>             <script language="javascript" 
> src="JScripts/Buttons.js" type="text/javascript"/>
> which will cause the HTML file to pick up the script file 
> from the server and include it client side.  That way you 
> don't have to ship it multiple times to the client...
>  XSL-List info and archive:
>  XSL-List info and archive:

 XSL-List info and archive:

Current Thread