DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=1403>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=1403 xsltc has problems with output escaping [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|VERIFIED |REOPENED Resolution|FIXED | ------- Additional Comments From [EMAIL PROTECTED] 2001-11-21 13:19 ------- As we discussed, we need to make sure that in HTML attributes that the < and > chars are not escaped, because Javascript may be written to an attribute, such as the onClick attribute. I also did some testing on this fix and found other problems. Tried to plug an ATV in an HTML attribute and nothing was returned. Also, tried to create an html attribute using <xsl:attribute> and again the output was null. Here is the output from Xalan (which looks good) and XSLT showing the aforementioned problems on a test called bug4845. Running xalan on bug4845 <html> <body> <form> Create input field using xsl:attribute to create attributes -- escaping off<br> <input type="text" value-of_esc_yes="The "Rotary" 5M/2.4M <Road> Race" text_esc_yes=" real " and escaped " less than < and greater than >"> <p> LRE with disable-output-escaping=yes<br> value-of The "Rotary" 5M/2.4M <Road> Race<br> text real " and escaped " less than < and greater than ><br> </p> Create input field using xsl:attribute to create attributes -- escaping on<br> <input type="text" value-of_esc_no="The "Rotary" 5M/2.4M <Road> Race" text_esc_no=" real " and escaped " less than < and greater than >"> <p> LRE with disable-output-escaping=yes<br> value-of The "Rotary" 5M/2.4M <Road> Race<br> text real " and escaped " less than < and greater than ><br> </p> Create input field with value taken from an ATV<br> <input value="The "Rotary" 5M/2.4M <Road> Race" name="atv" type="text"> </form> </body> </html> Running XSLTC with Xerces Parser on bug4845 <html> <body> <form> Create input field using xsl:attribute to create attributes -- escaping off<br><input> <p> LRE with disable-output-escaping=yes<br> value-of The "Rotary" 5M/2.4M <Road> Race<br> text real " and escaped " less than < and greater than ><br> </p> Create input field using xsl:attribute to create attributes -- escaping on<br><input> <p> LRE with disable-output-escaping=yes<br> value-of The "Rotary" 5M/2.4M <Road> Race<br> text real " and escaped " less than < and greater than ><br> </p> Create input field with value taken from an ATV<br><input> </form> </body> </html> bug4845.xsl ----------- <?xml version="1.0" ?> <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform";> <xsl:output method="html" /> <xsl:template match="calendar"> <html> <body> <form> Create input field using xsl:attribute to create attributes -- escaping off<br/> <input type="text"> <xsl:attribute name="value-of_esc_yes"> <xsl:value-of disable-output-escaping="yes" select="entry/name"/> </xsl:attribute> <xsl:attribute name="text_esc_yes"> <xsl:text disable-output-escaping="yes"> real " and escaped " less than < and greater than ></xsl:text> </xsl:attribute> </input> <p> LRE with disable-output-escaping=yes<br/> value-of <xsl:value-of disable-output-escaping="yes" select="entry/name"/><br/> text <xsl:text disable-output-escaping="yes"> real " and escaped " less than < and greater than ></xsl:text><br/> </p> Create input field using xsl:attribute to create attributes -- escaping on<br/> <input type="text"> <xsl:attribute name="value-of_esc_no"> <xsl:value-of disable-output-escaping="no" select="entry/name"/> </xsl:attribute> <xsl:attribute name="text_esc_no"> <xsl:text disable-output-escaping="no"> real " and escaped " less than < and greater than ></xsl:text> </xsl:attribute> </input> <p> LRE with disable-output-escaping=yes<br/> value-of <xsl:value-of disable-output-escaping="yes" select="entry/name"/><br/> text <xsl:text disable-output-escaping="yes"> real " and escaped " less than < and greater than ></xsl:text><br/> </p> Create input field with value taken from an ATV<br/> <input type="text" name="atv" value="{entry/name}"></input> </form> </body> </html> </xsl:template> </xsl:stylesheet> bug4845.xml ----------- <?xml version="1.0" encoding="utf-8" ?> <calendar> <entry> <name>The "Rotary" 5M/2.4M <Road> Race</name> </entry> </calendar>
