[XSL-LIST Mailing List Archive Home] [By Thread] [By Date]

Re: [xsl] xml/xsl character escaping in user entered data

---

---

Jonathan Kart wrote:

Hi,

I have a relatively simple problem to solve, but as a newcomer to
xml/xsl, I could use some help.

I have data in a database which is retrieved and published to the web
but processing the db into xml and then converted to html via xsl
transformations.  My issue is that non-technical users enter the data
into the database.  I need to insure the following goals:
1. nothing the users enter can cause the subsequent xml files to be
malformed
2. any intra-content html formatting they enter is preserved after the
xsl transformations are complete.  For example, user data such as:
"Here is the <b>Title</b> of my article"
needs to be preserved exactly so the browser will bold the "Title".

I have tried:
1. escaping any invalid xml chars with entity references.  this
achieves the first but not the second goal.
2. wrapping all user entered data with <![CDATA[]]> sections in the
xml.  This prevents any user entered data from breaking the subsequent
xml file, but escapes any valid internal formatting once the xsl
transformation is complete.

  I'm not sure how to proceed..  Any help is greatly appreciated.
Although, I'm not at liberty to alter the process of db ---> xml --(via
xslt)--> html.  So system design suggestions won't aide me.  I'm just
looking for a way to solve this particular problem.

At some point, you'll have to run the markup entered by the user through a process that makes it wellformed XML; usually people suggest using the W3C's "tidy" tool to do that.

Julian

--
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760

---