Subject: Re: [xsl] disable-output-escaping not working? From: "Henry E. Lee, Jr." <henrylee@xxxxxxxxxxxxxx> Date: Thu, 4 Jul 2002 08:41:05 -0400 |
Julian, This all sounds good. 1. I did not realize that I was using the wrong namespace. I was going with the examples in the books/articles I was using. I am just looking for plain old XML/XSL I think, or should I be using XSLT? This is all a little overwhelming when you are new to it. I'm a programmer by trade, and I have to say that XML seems to have more 'standards, namespaces and requirements' than it does code :P. What namespace(s) do you recommend? 2. Parsing the HTML using TIDY sounds like a good idea. Hopefully not too much extra work. What is TIDY and where can I find it? 3. XHTML? Hmm, so now I am looking at an XML/XSL/XSLT/TIDY/XHTML solution? Hehe. Any good references on XHTML? Everytime I try anything with XML, seems like I have to learn 2 or 3 new related technologies :) Thanks for the reply! Hank ----- Original Message ----- From: "Julian Reschke" <julian.reschke@xxxxxx> To: <xsl-list@xxxxxxxxxxxxxxxxxxxxxx> Sent: Thursday, July 04, 2002 8:14 AM Subject: RE: [xsl] disable-output-escaping not working? > Hi, > > first of all, you don't use XSLT (see namespace declaration of your > stylesheet). d-o-e is an optional feature of XSLT, not "WD-XSL". > > Second, if you allow users to enter arbitrary HTML and plan to send that to > people looking at the messages, this is a potential security hole because > the user might enter script tags as well. I'd recommend to parse the HTML > usinf TIDY, and then to copy only the (X)HTML subset you're willing to > store. This in turn should be done as proper XHTML markup, not as plain text > (then you won't need to disable escaping at all). > > Julian > > > -----Original Message----- > > From: owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx > > [mailto:owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx]On Behalf Of Henry E. Lee, > > Jr. > > Sent: Thursday, July 04, 2002 1:58 PM > > To: XSL-List@xxxxxxxxxxxxxxxxxxxxxx > > Subject: [xsl] disable-output-escaping not working? > > > > > > Hello all, > > > > First I would like to say I am new to XML/XSL, please bear with me! > > > > Second, I did look through all of the archives before posting, and I did > > find the solution to my problem, except that part of it does not work. > > > > I am creating an application that will use XML/XSL to display data for > > message boards, news items, etc. As a result, it is imperative > > that I allow > > people to insert HTML directly into my XML documents. > > > > So far to do this I have tried two different techniques. The first was to > > use commenting like so: > > > > <message> > > <!-- > > My HTML can go here with line breaks<br> > > and <b>bold</b> font. > > --> > > </message> > > > > The second technique I tried was the CDATA like so: > > > > <message> > > <![CDATA[ > > My HTML can go here with line breaks<br> > > and <b>bold</b> font. > > ]]> > > </message> > > > > In my XSL document, I have been trying to use > > disable-output-escaping="yes" > > but it seems to be getting completely ignored. I have tried using: > > > > <?xml version="1.0" ?> > > <xsl:stylesheet xmlns:xsl="http://www.w3.org/TR/WD-xsl"> > > ... > > <xsl:value-of select="message/comment()" disable-output-escaping="yes"/> > > ... > > </xsl:stylesheet> > > > > I have also tried a variety of other things as well. Of the ones > > that work, > > they all display the HTML without interpreting the tags and such. > > > > Thanks so much for the assistance, > > > > Hank > > > > ---------------------------------------- > > Henry E. Lee, Jr. > > ---------------------------------------- > > > > > > XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list > > > > > XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list > > > > XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
RE: [xsl] disable-output-escaping n, Julian Reschke | Thread | RE: [xsl] disable-output-escaping n, Julian Reschke |
Re: [xsl] disable-output-escaping n, David Carlisle | Date | RE: [xsl] OR in test, TSchutzerWeissmann |
Month |