Subject: RE: Bringing HTML through From: "Weakliem, Gordon" <Gordon.Weakliem@xxxxxxxxxxxxxxx> Date: Wed, 18 Oct 2000 16:17:00 -0600 |
#1 happens because the parser thinks you're trying to import a text node and helpfully escapes <> for you. I don't know how you're pulling it from the database, but you'll have to parse it and then import it into the document you want to transform. The CDATA section seems like an impediment to what you want to achieve, esp. if you want to do some filtering on the elements you're allowing. For #2, assuming you've got a document like this: <data> All this stuff came from my database. <i>Italics are OK.</i>. <b>Bold text gets passed on</b> <a href="http://localhost">This link should be passed on too.</a> <script>This script doesn't get passed on.</script> </data> Then this stylesheet: <?xml version="1.0"?> <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"> <xsl:template match="data"> <body> <xsl:copy-of select="i|b|a|text()"/> </body> </xsl:template> </xsl:stylesheet> Produces this output: <body> All this stuff came from my database. <i>Italics are OK.</i>. <b>Bold text gets passed on</b> <a href="http://localhost">This link should be passed on too.</a> </body> I don't think I'd assume <a> is safe, you can put javascript into the href attribute. This gets more complicated if you want to supress the <a> element but allow the child text node to be displayed, or if you want to supress certain attributes. In that case you'd have to set up another template to match what you're allowing and then use a body like <xsl:copy><xsl:apply-templates /></xsl:copy> to copy the current node and process the children. Something like that at least. > -----Original Message----- > From: Ian Sparks [mailto:isparks@xxxxxxxxxxxxxxx] > Sent: Tuesday, October 17, 2000 9:22 AM > To: xsl-list@xxxxxxxxxxxxxxxx > Subject: Bringing HTML through > > > I posted this one to the MSXML newsgroup some time back but > so far haven't > had a response. I'm pleased I signed up to this list since > there seem to be > some real experts here (thanks guys!). > > Hopefully I'll be able to start contributing rather than just asking > questions soon. > > ..... > > I have a problem with bringing XML documents through from a database. > > I want to store the following in my database record : > > "<i>Hello</i>" > > I need to pull this data out, put it into a DOM tree and then > pass it to the > XSL filter for processing. I want to get the same structure > carried through > into my resulting HTML file (so "Hello" appears in italics). > > Problem #1 : As soon as I load the text "<i>Hello</i>" as > the text of a node it gets transformed into > <i;>Hello... style. Not > what I want. > > Problem #2 : Lets say I put this data into a CDATA section to carry it > through, I still can't work out how to pull the contents of > that section out > and have it carried through to my HTML without it getting > transformed into > <i;>Hello... > > For security reasons I might want to limit the tags that can be > carried-through in this way (maybe allowing italic, bold, > HREFs etc but > disallowing script or anything potentially malicious). > > All insight appreciated. I suspect xsl:copy is involved but I > can't work it > out! > > - Ian Sparks. > > > > XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list > XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
RE: Bringing HTML through, ciaran byrne | Thread | White space control when formatting, Rick Anderson |
RE: From A to B without ending up a, Evan Lenz | Date | How To Access a param from style s, Bharat . Chintapally |
Month |