To insert your JavaScripts a safe way you may need two things:
1. either prevent parser from parsing the input using CDATA section or
escape all & and <
2. prevent Sablot from escaping the output:
- use xsl:output method=text
OR
- use disable-output-escaping="yes" attribute
The following always works:
<script>
<xsl:text disable-output-escaping="yes">
<![CDATA[
your JS code
]]>
</xsl:text>
</script>
Note: According to specs the output method of html should not escape
content of script element automatically, but it doesn't work currently.
You have to use disable-... atributte with an html output for now. This
is to be fixed later.
Petr
thierry champenois wrote:
> my problem is:
>
> < isn't replace by < in the javascript function.
>
> what is the solution please
>
> thank you
>
> Thierry
>
>
>
>
> --------
> doc.xsl:
> --------
>
> <?xml version="1.0"?>
> <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
> version="1.0">
> <xsl:template match="/">
> <html>
> <head>
> <title>Menu Intranet</title>
> <meta http-equiv="Content-Type" content="text/html;
> charset=iso-8859-1"/>
> <link rel="stylesheet" type="text/css"
>href="stylesheet.css"/>
> <link rel="stylesheet" type="text/css"
>href="menu.css"/>
> <script language="javascript">
> function m2d(i) {
> if (i < 10)
> return "0" + i;
> else
> return i;
> } // m2d
>
> ....
>
>
> --------
> doc.xml:
> --------
>
> <?xml version="1.0" encoding="ISO-8859-1"?>
> <NODES>
> <NODE ICON="ico_adm.gif" LABEL="Adm" CHILDICON="ico_item.gif">
>
> ....
>
>
> --------
> doc.php:
> --------
> <?php
>
> class xsl_transform {
>
> var $xsl_file;
> var $xml_file;
> var $filename;
>
> // {{{ xsl_transform(), constructor of xsl_transform class
>
> function xsl_transform($xsl_file = '', $xml_file = ''){
> $this->xsl_string = $this->read_file($xsl_file);
> $this->xml_string = $this->read_file($xml_file);
> }
>
> // }}}
> // {{{ read_file()
>
> function read_file($filename) {
> // get contents of a file into a string
> $fd = fopen( $filename, "r" );
> $content = fread( $fd, filesize( $filename ) );
> fclose( $fd );
> return $content;
> }
>
> // }}}
> // {{{ apply()
>
> function apply() {
> $this->result = '';
> $this->msg = xslt_process($this->xsl_string, $this->xml_string,
> $this->result);
> if(!$this->msg) print ("Transformation failed.");
> return $this->result;
> }
>
> // }}}
> }
>
> $xslt = new xsl_transform("doc.xsl", "doc.xml");
>
> print ($xslt->apply());
>
> ?>
>
>
> --------------
> resultat.html:
> --------------
> <html><head><meta http-equiv="Content-Type" content="text/html;
> charset=UTF-8"><title>Menu Intranet</title><meta http-equiv="Content-Type"
> content="text/html; charset=iso-8859-1"><link rel="stylesheet"
> type="text/css" href="stylesheet.css"><link rel="stylesheet" type="text/css"
> href="menu.css"><script language="javascript">
> function m2d(i) {
> if (i < 10)
> return "0" + i;
> else
> return i;
> } // m2d
>
>
> ______________________________________________________________________________
> Vous avez un site perso ?
> 2 millions de francs � gagner sur i(france) !
> Webmasters : ZE CONCOURS ! http://www.ifrance.com/_reloc/concours.emailif
>
--
Petr Cimprich
Ginger Alliance Ltd.
www.gingerall.com
