RE: [Announce] Escaping double quotation marks in XSL

In the detested example
    > <xsl:template match="image">
    >  <![CDATA[ <image]>><xsl:apply-templates select="@*"/> <![CDATA[ >]>>
    > </xsl:template>
I didn't see any attempt to inject double quotes (I'll even admit to not reading the subject line!).

 

But for inserting arbitrary characters (even metacharacters) without escaping, maybe the disable-output-escaping attribute of <xsl:value-of> and <xsl:text> would be useful.  In my application I have an XSL-generated HTML page with hyperlinks with GET parameters, and I use <xsl:value-of disable-output-escaping='yes'> to prevent the & characters in my GET URLs from being converted to &amp;.  Since = -> &quot; is a similar encoding to & -> &amp;, wouldn't this help?

 

I apologize if I am missing the point...

 

 

tlj
-----Original Message-----
From: Brian Minchau [mailto:minchau@xxxxxxxxxx]
Sent: Wednesday, October 24, 2007 12:31 PM
To: Timothy Jones
Cc: general@xxxxxxxxxxxxxx; tranceradi@xxxxxxxxxxx; xalan-j-users@xxxxxxxxxxxxxx
Subject: RE: [Announce] Escaping double quotation marks in XSL

Timothy,
well, .... yes, .... but I think that trying to inject double quotes into the attribute value (with modifications to you suggestion)  in this way will only get them escaped as &quot; which is not what the user wanted.

- Brian