[thelist] XSL: Finding apostrophes

Andrew Clover and at doxdesk.com
Thu Jan 24 14:48:02 CST 2002


Jason Bauer <jbauer at mtu.edu> wrote:

> Anyone know how to escape an apostrophe for passing to another page through
> the URL?

Disclaimer: I know nothing about XSQL.

> search.xsql?name=
> <xsl:value-of select="substring-before(.,'&apos;')" />

That substring-before has its &apos; decoded to an apostrophe before XPath
gets a look in, so that's just the same as writing three apostrophes. I
believe XPath strings can be delimited with double-quotes though, so you
could write:

  <xsl:value-of select="substring-before(.,&quot;'&quot;)" />

However, as far as I can see that transform can only work for a value
with a single apostrophe in; for zero or multiple apostrophes it'll
break.

But, since you seem to building a URL, surely you don't need to escape
apostrophes? The "turn apostrophe into double-apostrophe" sequence should
happen on the code that receives a URL like -

  search.xsql?name=fish'n'chips

(if the above URL goes wrong, you've got real problems, of the
"foo'; DROP TABLE something;" variety.)

I'd have thought the characters you actually need to escape would be
the ones that are special in URLs, since you're building a URL and
everything. '%', '&', ';', and so on. I've no idea how one would go
about doing that in XSL/T, though, sorry!

--
Andrew Clover
mailto:and at doxdesk.com
http://and.doxdesk.com/



More information about the thelist mailing list