RE: [xsl] disable-output-escaping

[Benjamin Franz <snowhare at nihongo dot org>]

On Mon, 1 Jul 2002, CROFT, MICHAEL wrote:

> The & is a character that could be entered by the user, I have no control
> over what they enter.  It is a dynamic process.  I need to tell the XML
> parser to treat any text entered by the user as text.

Ok. Then what you have is a _data entry_ issue, not an _output_ issue.  

There are a largish number of character 'values' that could be entered by
a user that will render your XML _syntactically_ invalid. So, you _MUST_
have a 'prefilter' on your storage system to escape all characters that
must be escaped (&, ', " and < would be good candidates) and _removes_ all
characters that are flat illegal. You will need to consult the XML spec at
W3C for particulars. And don't forget character encoding issues - XML by
default uses UTF-8 - while many clients use either ISO8859-1 or whatever
their desktop default is under windows. Mixing encodings is a Bad Thing 
(tm).

Otherwise, your best bet is to Base64 encode _all_ data entered by the 
user for storage and post-process the base64 data back into the raw 
output you want.

-- 
Benjamin Franz

The only way of discovering the limits of the possible is 
to venture a little way past them into the impossible.

                              ---Arthur C. Clarke


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list