This is the mail archive of the
xsl-list@mulberrytech.com
mailing list .
RE: Converting &, >, <, ", and other odd-ball characters...
- To: <xsl-list at lists dot mulberrytech dot com>
- Subject: RE: [xsl] Converting &, >, <, ", and other odd-ball characters...
- From: "Kevin Duffey" <kevin dot duffey at home dot com>
- Date: Thu, 15 Feb 2001 08:50:30 -0800
- Reply-To: xsl-list at lists dot mulberrytech dot com
Oh yeah..not sure if you know this or not, but a "performance" tip..
whenever you use a for loop, set the target outside of the for loop (or in
its initialization):
int sze = s.length();
for( int i = 0; i < sze; i++ )
{
}
or
for( int i = 0, sze=s.length(); i<sze; i++)
{
}
also, you left out the
case '"': sb.append(""");
break;
Lastly, can you think of any other characters that are a problem when used
in input boxes, text areas, or drop-downs that need to be converted?
Thanks again.
> -----Original Message-----
> From: owner-xsl-list@lists.mulberrytech.com
> [mailto:owner-xsl-list@lists.mulberrytech.com]On Behalf Of Mike Brown
> Sent: Wednesday, February 14, 2001 10:29 PM
> To: xsl-list@lists.mulberrytech.com
> Subject: Re: [xsl] Converting &, >, <, ", and other odd-ball
> characters...
>
>
> Duffey, Kevin wrote:
> > I am about to write a java routine that is called by every
> single field of
> > every jsp page just to convert possible ", >, < and & as well
> as check for
> > some other characters and strip them (such as an MS Word paste that uses
> > bullets or the " " characters that use special codes for them).
>
> I will infer from this that you are using your JSPs to make XML that
> contains strings obtained from HTML form data.
>
> > I am not sure which way to go though. Is there a way to
> automatically have
> > XML and/or XSL convert these characters for me?
>
> No, XSLT is only able to work with XML documents that made it through a
> parser. And you'll find that string substitution in XSLT is nearly as
> painful as it is in Java.
>
> You must always escape the attribute values. You can get around the need
> to escape character data content of an element by using CDATA sections,
> but I think you'll find that it's actually just as easy to escape
> everything. Entities aren't going to help you.
>
> Also note that you can put your Java method in your JSP.
> The following code is untested, but you get the general idea.
>
> <%!
>
> // at times like these, perl would be beautiful
> private String escape( String s ) {
> StringBuffer sb = new StringBuffer();
> for ( int i = 0; i < s.length(); i++ ) {
> switch ( s.charAt(i) ) {
> case '&': sb.append("&");
> break;
> case '<': sb.append("<");
> break;
> case '>': sb.append(">");
> break;
> default: sb.append( s.charAt(i) );
> }
> }
> return sb.toString();
> }
>
> %>
>
> ...
>
> <%
> String somexml = new String( "<stuff>" +
> escape(getParameter("foo")) + "</stuff>" );
> %>
>
> - Mike
> ____________________________________________________________________
> Mike J. Brown, software engineer at My XML/XSL resources:
> webb.net in Denver, Colorado, USA http://skew.org/xml/
>
>
> XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
>
>
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list