In the detested example
> <xsl:template match="image">
> <![CDATA[ <image]>><xsl:apply-templates select="@*"/> <![CDATA[
>]>>
> </xsl:template>
I didn't see any attempt to inject double quotes (I'll even admit to not
reading the subject line!).
But for inserting arbitrary characters (even metacharacters) without
escaping, maybe the disable-output-escaping attribute of <xsl:value-of>
and <xsl:text> would be useful. In my application I have an
XSL-generated HTML page with hyperlinks with GET parameters, and I use
<xsl:value-of disable-output-escaping='yes'> to prevent the & characters
in my GET URLs from being converted to &. Since = -> " is a
similar encoding to & -> &, wouldn't this help?
I apologize if I am missing the point...
tlj
-----Original Message-----
From: Brian Minchau [mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> ]
Sent: Wednesday, October 24, 2007 12:31 PM
To: Timothy Jones
Cc: [email protected]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: [Announce] Escaping double quotation marks in XSL
Timothy,
well, .... yes, .... but I think that trying to inject double quotes
into the attribute value (with modifications to you suggestion) in this
way will only get them escaped as " which is not what the user
wanted.
- Brian
