Posted to dev@xalan.apache.org by bu...@apache.org on 2001/11/21 22:19:58 UTC
DO NOT REPLY [Bug 1403] -
xsltc has problems with output escaping
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=1403>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
tom.amiro@sun.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|VERIFIED |REOPENED
Resolution|FIXED |
------- Additional Comments From tom.amiro@sun.com 2001-11-21 13:19 -------
As we discussed, we need to make sure that in HTML attributes
the < and > chars are not escaped, because JavaScript may be written
to an attribute, such as the onClick attribute.
I also did some testing on this fix and found other problems. Tried
to plug an ATV in an HTML attribute and nothing was returned. Also,
tried to create an HTML attribute using <xsl:attribute> and again
the output was null.
Here is the output from Xalan (which looks good) and XSLT showing the
aforementioned problems on a test called bug4845.
Running xalan on bug4845
<html>
<body>
<form>
Create input field using xsl:attribute to create attributes -- escaping
off<br>
<input type="text" value-of_esc_yes="The "Rotary" 5M/2.4M <Road> Race"
text_esc_yes=" real " and escaped " less than < and greater than >">
<p>
LRE with disable-output-escaping=yes<br>
value-of The "Rotary" 5M/2.4M <Road> Race<br>
text real " and escaped " less than < and greater than ><br>
</p>
Create input field using xsl:attribute to create attributes -- escaping on<br>
<input type="text" value-of_esc_no="The "Rotary" 5M/2.4M <Road> Race"
text_esc_no=" real " and escaped " less than < and greater than >">
<p>
LRE with disable-output-escaping=yes<br>
value-of The "Rotary" 5M/2.4M <Road> Race<br>
text real " and escaped " less than < and greater than ><br>
</p>
Create input field with value taken from an ATV<br>
<input value="The "Rotary" 5M/2.4M <Road> Race" name="atv"
type="text">
</form>
</body>
</html>
Running XSLTC with Xerces Parser on bug4845
<html>
<body>
<form>
Create input field using xsl:attribute to create attributes -- escaping
off<br><input>
<p>
LRE with disable-output-escaping=yes<br>
value-of The "Rotary" 5M/2.4M <Road> Race<br>
text real " and escaped " less than < and greater than ><br>
</p>
Create input field using xsl:attribute to create attributes -- escaping
on<br><input>
<p>
LRE with disable-output-escaping=yes<br>
value-of The "Rotary" 5M/2.4M <Road> Race<br>
text real " and escaped " less than < and greater than ><br>
</p>
Create input field with value taken from an ATV<br><input>
</form>
</body>
</html>
bug4845.xsl
-----------
<?xml version="1.0" ?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="html" />
<xsl:template match="calendar">
<html>
<body>
<form>
Create input field using xsl:attribute to create attributes -- escaping
off<br/>
<input type="text">
<xsl:attribute name="value-of_esc_yes">
<xsl:value-of disable-output-escaping="yes" select="entry/name"/>
</xsl:attribute>
<xsl:attribute name="text_esc_yes">
<xsl:text disable-output-escaping="yes"> real " and escaped &quot; less
than &lt; and greater than &gt;</xsl:text>
</xsl:attribute>
</input>
<p>
LRE with disable-output-escaping=yes<br/>
value-of <xsl:value-of disable-output-escaping="yes"
select="entry/name"/><br/>
text <xsl:text disable-output-escaping="yes"> real " and escaped &quot;
less than &lt; and greater than &gt;</xsl:text><br/>
</p>
Create input field using xsl:attribute to create attributes -- escaping
on<br/>
<input type="text">
<xsl:attribute name="value-of_esc_no">
<xsl:value-of disable-output-escaping="no" select="entry/name"/>
</xsl:attribute>
<xsl:attribute name="text_esc_no">
<xsl:text disable-output-escaping="no"> real " and escaped &quot; less
than &lt; and greater than &gt;</xsl:text>
</xsl:attribute>
</input>
<p>
LRE with disable-output-escaping=yes<br/>
value-of <xsl:value-of disable-output-escaping="yes"
select="entry/name"/><br/>
text <xsl:text disable-output-escaping="yes"> real " and escaped &quot;
less than &lt; and greater than &gt;</xsl:text><br/>
</p>
Create input field with value taken from an ATV<br/>
<input type="text" name="atv" value="{entry/name}"></input>
</form>
</body>
</html>
</xsl:template>
</xsl:stylesheet>
bug4845.xml
-----------
<?xml version="1.0" encoding="utf-8" ?>
<calendar>
<entry>
<name>The "Rotary" 5M/2.4M &lt;Road&gt; Race</name>
</entry>
</calendar>
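
Added example (not part of the original bug report and not Xalan or XSLTC code): a sketch of the attribute-value escaping that XSLT 1.0 section 16.2 describes for the html output method, run on the name value from bug4845.xml, with a parser round trip to check that the value stays inside its attribute. The function names are hypothetical, and Python's html.parser stands in for a browser.

```python
from html.parser import HTMLParser

def escape_html_attr(value: str) -> str:
    """Escape text for a double-quoted attribute the way the XSLT 1.0
    html output method (section 16.2) describes."""
    out = []
    for i, ch in enumerate(value):
        if ch == "&":
            # '&' directly followed by '{' stays literal (script macros).
            out.append("&" if value[i + 1:i + 2] == "{" else "&amp;")
        elif ch == '"':
            # The delimiter is the one character that must always be escaped.
            out.append("&quot;")
        else:
            # '<' and '>' pass through so inline script in onClick survives.
            out.append(ch)
    return "".join(out)

def render_input(attrs: dict, escape=escape_html_attr) -> str:
    """Serialize an <input> start tag; 'escape' is swappable for comparison."""
    body = "".join(f' {k}="{escape(v)}"' for k, v in attrs.items())
    return f"<input{body}>"

class _Tags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def round_trips(html: str, expected: dict) -> bool:
    """True if an HTML parser recovers exactly the attributes we wrote."""
    p = _Tags()
    p.feed(html)
    p.close()
    return p.tags == [("input", expected)]

# Constructed sample: the <name> value from bug4845.xml.
NAME = 'The "Rotary" 5M/2.4M <Road> Race'
ATTRS = {"type": "text", "name": "atv", "value": NAME}

if __name__ == "__main__":
    good = render_input(ATTRS)
    raw = render_input(ATTRS, escape=lambda s: s)  # no escaping at all
    print(good, round_trips(good, ATTRS))
    print(raw, round_trips(raw, ATTRS))
```

Leaving < and > alone is safe only because the attribute is always double-quoted and the quote itself is escaped; the unescaped variant no longer round-trips because the first literal quote ends the value early.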