Hi,

serializedDoc.unescape is the wrong way to do it. The correct way is
serializedDoc.replace(/&lt;/g,"<").replace(/&gt;/g,">").replace(/&amp;/g,"&");

This is also used in lib/widget/TipWidgetOL. Note that just returning
the serializedDoc also will not produce the expected result.

Regards,
Andreas.

On 8/7/07, Gertjan van Oosten <[EMAIL PROTECTED]> wrote:
> Hi guys,
>
> Does anyone know why said method:
>
>   /**
>    * Transforms XML in the provided xml node according to this XSL.
>    * @param xmlNode The XML node to be transformed.
>    * @return The transformed String.
>    */
>   this.transformNodeToString = function(xmlNode) {
>     try {
>       // transform and build a web page with result
>       var newDoc = this.transformNodeToObject(xmlNode);
>       var s = (new XMLSerializer()).serializeToString(newDoc);
>       if(_SARISSA_IS_OPERA)
>       s =  s.replace(/.*\?\>/,"");//hack for opera to delete <?xml ... ?>
>       return Sarissa.unescape(s);
>     } catch(e){
>       alert(mbGetMessage("exceptionTransformingDoc", this.xslUrl));
>       alert("XSL="+(new XMLSerializer()).serializeToString(this.xslDom));
>       alert("XML="+(new XMLSerializer()).serializeToString(xmlNode));
>     }
>   }
>
> has:
>
>   return Sarissa.unescape(s);
>
> and not:
>
>   return s;
>
> The current way is wrong (IMHO of course), since it erroneously
> unescapes e.g. escaped double quotes (&quot; -> "), which wreaks havoc
> if you have e.g. this in your XSL:
>
>   <xsl:variable name="inputValue">
>     <xsl:text>'"&lt;b&gt;bold&lt;/b&gt;"'</xsl:text>
>   </xsl:variable>
>   <input type="text" value="{$inputValue}"/>
>
> That means things will go astray if e.g. you have an HTML form with a
> text input field that has the value:
>   "><blink>you fool!</blink><"
>
> svn blame says about this line:
>
>   1460    madair1       return Sarissa.unescape(s);
>
> which means it is pretty old.  So Mike, how is that memory of yours? ;-)
>
> Unless someone can come up with some very good reasons why the unescape
> should be necessary, I strongly propose we change it ASAP!
>
> Regards,
> --
> -- Gertjan van Oosten, [EMAIL PROTECTED], West Consulting B.V., +31 15 2191 600
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >>  http://get.splunk.com/
> _______________________________________________
> mapbuilder-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/mapbuilder-devel
>


-- 
===============================================
PRISMA solutions
Dipl.-Ing. Andreas Hocevar
-----------------------------------------------
Telefon: +43 2236 47975 27
-----------------------------------------------
PRISMA solutions EDV-Dienstleistungen GmbH
Adresse: Klostergasse 18, 2340 Mödling, Austria
http://www.prisma-solutions.at/
===============================================
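
Added example, not part of the original thread or of the Mapbuilder/Sarissa code: it takes the form value quoted above, as a serializer would emit it inside a double-quoted attribute, and checks whether the attribute survives each of the three return variants discussed. The sample string, `unescapeAll` (a stand-in that assumes a full unescape decodes the five predefined XML entities), `readFirstTag` and `check` are all assumptions made for the illustration, and only the double-quoted attribute case is covered.

```javascript
// Constructed sample: the page's form value as a serializer would emit it in an attribute.
const ORIGINAL = '"><blink>you fool!</blink><"';
const SERIALIZED =
  '<input type="text" value="&quot;&gt;&lt;blink&gt;you fool!&lt;/blink&gt;&lt;&quot;"/>';

// Stand-in for a full unescape (assumption: decodes the five predefined XML entities).
function unescapeAll(s) {
  return s.replace(/&apos;/g, "'").replace(/&quot;/g, '"')
    .replace(/&gt;/g, ">").replace(/&lt;/g, "<").replace(/&amp;/g, "&");
}

// The three-entity replacement quoted in the reply.
function unescapeMarkupOnly(s) {
  return s.replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&amp;/g, "&");
}

// Minimal start-tag reader (hypothetical helper): attributes of the first tag plus
// any text after its closing ">". Double-quoted values may contain < and >.
function readFirstTag(html) {
  const tag = /^<(\w+)((?:\s+[\w-]+(?:="[^"]*")?)*)\s*\/?>/.exec(html);
  if (!tag) return null;
  const attrs = {};
  for (const m of tag[2].matchAll(/([\w-]+)(?:="([^"]*)")?/g)) {
    attrs[m[1]] = unescapeAll(m[2] || ""); // decode entities as a parser would
  }
  return { name: tag[1], attrs, trailing: html.slice(tag[0].length) };
}

// True when the value attribute still carries the original string and nothing
// has escaped the tag as stray markup.
function check(html) {
  const t = readFirstTag(html);
  const intact = !!t && t.attrs.value === ORIGINAL && t.trailing === "";
  return { intact, value: t ? t.attrs.value : null, trailing: t ? t.trailing : html };
}

const results = {
  serializedAsIs: check(SERIALIZED),
  fullUnescape: check(unescapeAll(SERIALIZED)),
  markupOnly: check(unescapeMarkupOnly(SERIALIZED)),
};
console.log(results);
```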
