Hi guys,

Does anyone know why said method:

  /**
   * Transforms XML in the provided xml node according to this XSL.
   * @param xmlNode The XML node to be transformed.
   * @return The transformed String.
   */
  this.transformNodeToString = function(xmlNode) {
    try {
      // transform and build a web page with result
      var newDoc = this.transformNodeToObject(xmlNode);
      var s = (new XMLSerializer()).serializeToString(newDoc);
      if(_SARISSA_IS_OPERA)
        s = s.replace(/.*\?\>/,""); //hack for opera to delete <?xml ... ?>
      return Sarissa.unescape(s);
    } catch(e){
      alert(mbGetMessage("exceptionTransformingDoc", this.xslUrl));
      alert("XSL="+(new XMLSerializer()).serializeToString(this.xslDom));
      alert("XML="+(new XMLSerializer()).serializeToString(xmlNode));
    }
  }

has:

  return Sarissa.unescape(s);

and not:

  return s;

The current way is wrong (IMHO of course), since it erroneously
unescapes e.g. escaped double quotes (&quot; -> "), which wreaks havoc
if you have e.g. this in your XSL:

  <xsl:variable name="inputValue">
    <xsl:text>'"&lt;b&gt;bold&lt;/b&gt;"'</xsl:text>
  </xsl:variable>
  <input type="text" value="{$inputValue}"/>

That means things will go astray if e.g. you have an HTML form with a
text input field that has the value:
  "><blink>you fool!</blink><"

svn blame says about this line:

  1460    madair1       return Sarissa.unescape(s);

which means it is pretty old.  So Mike, how is that memory of yours? ;-)

Unless someone can come up with some very good reasons why the unescape
should be necessary, I strongly propose we change it ASAP!

Regards,
-- 
-- Gertjan van Oosten, [EMAIL PROTECTED], West Consulting B.V., +31 15 2191 600
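
The effect described in the message above, as an added example that is not part of the original e-mail and is not Sarissa or MapBuilder code. It compares serialized output with the same output after an unescape pass, using the two sample values from the message. All function names are hypothetical stand-ins, and `unescapeEntities` only assumes what `Sarissa.unescape` does (entity references turned back into characters).

```javascript
// Added illustration. Every function here is a constructed stand-in:
// none of it is Sarissa or MapBuilder code.

// What a serializer does to text placed in a double-quoted attribute.
function escapeAttr(value) {
  return value.replace(/&/g, "&amp;").replace(/</g, "&lt;")
              .replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

// Assumed behaviour of the unescape step: entity references become characters.
function unescapeEntities(s) {
  return s.replace(/&apos;/g, "'").replace(/&quot;/g, '"')
          .replace(/&gt;/g, ">").replace(/&lt;/g, "<").replace(/&amp;/g, "&");
}

function serializeInput(value) {
  return '<input type="text" value="' + escapeAttr(value) + '"/>';
}

// Minimal start-tag scanner (enough for these samples, not an HTML parser).
function parseStartTags(markup) {
  const tagRe = /<([A-Za-z][\w-]*)((?:\s+[\w-]+="[^"]*")*)\s*\/?>/g;
  const tags = [];
  let m;
  while ((m = tagRe.exec(markup)) !== null) {
    const v = /\svalue="([^"]*)"/.exec(m[2]);
    tags.push({ name: m[1], value: v ? unescapeEntities(v[1]) : null });
  }
  return tags;
}

// True only if the markup is still one <input> carrying the original value.
function roundTrips(markup, original) {
  const tags = parseStartTags(markup);
  return tags.length === 1 && tags[0].name === "input" && tags[0].value === original;
}

// Sample values taken from the message above.
const samples = ['\'"<b>bold</b>"\'', '"><blink>you fool!</blink><"'];
for (const value of samples) {
  const serialized = serializeInput(value);        // what "return s;" yields
  const unescaped = unescapeEntities(serialized);  // what the unescape pass adds
  console.log(roundTrips(serialized, value), roundTrips(unescaped, value));
  console.log(parseStartTags(unescaped).map(t => t.name).join(","));
}
```

A `roundTrips` check of this kind works as a regression test on the transform output: the attribute value read back from the result must equal the value that went in, and no element may appear that the stylesheet did not emit.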
