This is the mail archive of the
xsl-list@mulberrytech.com
mailing list .
RE: disable-output-escaping
- From: Benjamin Franz <snowhare at nihongo dot org>
- To: "'xsl-list at lists dot mulberrytech dot com'" <xsl-list at lists dot mulberrytech dot com>
- Date: Mon, 1 Jul 2002 08:42:59 -0700 (PDT)
- Subject: RE: [xsl] disable-output-escaping
- Reply-to: xsl-list at lists dot mulberrytech dot com
On Mon, 1 Jul 2002, CROFT, MICHAEL wrote:
> The & is a character that could be entered by the user, I have no control
> over what they enter. It is a dynamic process. I need to tell the XML
> parser to treat any text entered by the user as text.
Ok. Then what you have is a _data entry_ issue, not an _output_ issue.
There are a largish number of character 'values' that could be entered by
a user that will render your XML _syntactically_ invalid. So, you _MUST_
have a 'prefilter' on your storage system to escape all characters that
must be escaped (&, ', " and < would be good candidates) and _removes_ all
characters that are flat illegal. You will need to consult the XML spec at
W3C for particulars. And don't forget character encoding issues - XML by
default uses UTF-8 - while many clients use either ISO8859-1 or whatever
their desktop default is under windows. Mixing encodings is a Bad Thing
(tm).
Otherwise, your best bet is to Base64 encode _all_ data entered by the
user for storage and post-process the base64 data back into the raw
output you want.
--
Benjamin Franz
The only way of discovering the limits of the possible is
to venture a little way past them into the impossible.
---Arthur C. Clarke
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list