[thelist] XSL: Finding apostrophes
Andrew Clover
and at doxdesk.com
Thu Jan 24 14:48:02 CST 2002
Jason Bauer <jbauer at mtu.edu> wrote:
> Anyone know how to escape an apostrophe for passing to another page through
> the URL?
Disclaimer: I know nothing about XSQL.
> search.xsql?name=
> <xsl:value-of select="substring-before(.,''')" />
That substring-before has its ' decoded to an apostrophe before XPath
gets a look in, so that's just the same as writing three apostrophes. I
believe XPath strings can be delimited with double-quotes though, so you
could write:
<xsl:value-of select="substring-before(.,"'")" />
However, as far as I can see that transform can only work for a value
with a single apostrophe in; for zero or multiple apostrophes it'll
break.
But, since you seem to building a URL, surely you don't need to escape
apostrophes? The "turn apostrophe into double-apostrophe" sequence should
happen on the code that receives a URL like -
search.xsql?name=fish'n'chips
(if the above URL goes wrong, you've got real problems, of the
"foo'; DROP TABLE something;" variety.)
I'd have thought the characters you actually need to escape would be
the ones that are special in URLs, since you're building a URL and
everything. '%', '&', ';', and so on. I've no idea how one would go
about doing that in XSL/T, though, sorry!
--
Andrew Clover
mailto:and at doxdesk.com
http://and.doxdesk.com/
More information about the thelist
mailing list