Cannot get xslt to output an (&) even after escapi

2020-02-10 12:06发布

问题:

I am trying to create a query string of variable assignments separated by the & symbol (ex: "var1=x&var2=y&..."). I plan to pass this string into an embedded flash file.

I am having trouble getting an & symbol to show up in XSLT. If I just type & with no tags around it, there is a problem rendering the XSLT document. If I type &amp; with no tags around it, then the output of the document is &amp; with no change. If I type <xsl:value-of select="&" /> or <xsl:value-of select="&amp;" /> I also get an error. Is this possible? Note: I have also tried &amp;amp; with no success.

回答1:

You can combine disable-output-escaping with a CDATA section. Try this:

<xsl:text disable-output-escaping="yes"><![CDATA[&]]></xsl:text>


回答2:

I am trying to create a query string of variable assignments separated by the & symbol (ex: "var1=x&var2=y&..."). I plan to pass this string into an embedded flash file.

I am having trouble getting an & symbol to show up in XSLT.

Here is a runnable, short and complete demo how to produce such URL:

<xsl:stylesheet version="1.0"  xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
 <xsl:output method="text"/>

 <xsl:variable name="vX" select="'x'"/>
 <xsl:variable name="vY" select="'y'"/>
 <xsl:variable name="vZ" select="'z'"/>

  <xsl:template match="/">
    <xsl:value-of select=
"concat('http://www.myUrl.com/?vA=a&amp;vX=', $vX, '&amp;vY=', $vY, '&amp;vZ=', $vZ)"/>
  </xsl:template>
</xsl:stylesheet>

When this transformation is applied on any source XML document (ignored):

<t/>

the wanted, correct result is produced:

http://www.myUrl.com/?vA=a&vX=x&vY=y&vZ=z

As for the other issues raised in the question:

If I type &amp; with no tags around it, then the output of the document is &amp; with no change.

The above statement simply isn't true ... Just run the transformation above and look at the result.

What really is happening:

The result you are seeing is absolutely correct, however your output method is html or xml (the default value for method=), therefore the serializer of the XSLT processor must represent the correct result -- the string http://www.myUrl.com/?vA=a&vX=x&vY=y&vZ=z -- as (part of) a text node in a well-formed XML document or in an HTML tree.

By definition in a well-formed XML document a literal ampersand must be escaped by a character reference, such as the built-in &amp; or &#38;, or &#x26;

Remember: A string that is represented as (part of) an XML text node, or within an HTML tree, may not look like the same string when represented as text. Nevertheless, these are two different representations of the same string.

To better understand this simple fact, do the following:

Take the above transformation and replace the xsl:output declaration:

 <xsl:output method="text"/>

with this one:

 <xsl:output method="xml"/>

Also, surround the output in a single XML element. You may also try to use different escapes for the ampersand. The transformation may now look like this:

<xsl:stylesheet version="1.0"  xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
 <xsl:output omit-xml-declaration="yes" method="xml"/>

 <xsl:variable name="vX" select="'x'"/>
 <xsl:variable name="vY" select="'y'"/>
 <xsl:variable name="vZ" select="'z'"/>

  <xsl:template match="/">
        <t>
            <xsl:value-of select=
 "concat('http://www.myUrl.com/?vA=a&amp;vX=', $vX, '&#38;vY=', $vY, '&#x26;vZ=', $vZ)"/>
        </t>
  </xsl:template>
</xsl:stylesheet>

And the result is:

<t>http://www.myUrl.com/?vA=a&amp;vX=x&amp;vY=y&amp;vZ=z</t>

You will get the same result with output method html.

Question:

Is the URL that is output different (or even "damaged") than the one output in the first transformation?

Answer:

No, in both cases the same string was output -- however in each case a different representation of the string was used.

Question:

Must I use the DOE (disable-output-escaping="yes") attribute in order to output the wanted URL?

Answer:

No, as shown in the first transformation.

Question:

Is it recommended to use the DOE (disable-output-escaping="yes") attribute in order to output the wanted URL?

Answer:

No, using DOE is a bad practice in XSLT and usually a signal that the programmer doesn't have a good grasp of the XSLT processing model. Also, DOE is only an optional feature of XSLT 1.0 and it is possible that your XSLT processor doesn't implement DOE, or even if it does, you could have problems running the same transformation with another XSLT processor.

Question

I came from a different problem to the question i made a bounty for. My problem: i try to generate this onclick method:

    <input type="submit" 
onClick="return confirm('are you sure?') && confirm('seriously?');" />

what i can make is: i can place the confirms in a function ... but its buggin me that i can not make a & inside a attribute! The solve of this question is the solve of my problem i think.

Answer

Actually, you can specify the && Boolean operation inside a JavaScript expression inside an attribute, by representing it as &amp;&amp;

Here is a complete example, that everyone can run, as I did on three browsers: Chrome, Firefox 41.1.01 and IE11:

HTML:

<!DOCTYPE html> 

    <html> 
      <head> 
        <link rel="stylesheet" href="style.css"> 
        <script src="script.js"></script> 
      </head> 
      <body> 
        <h1>Hello Plunker!</h1> 
        <input type="submit" 
onClick="alert(confirm('are you sure?') &amp;&amp; confirm('seriously?'));" /> 
      </body> 
    </html>

JavaScript (script.js):

function confirm(message) { 
  alert(message); 
  return message === 'are you sure?'; 

}

When you run this, you'll first get this alert:

Then, after clicking the OK button, you'll get the second alert:

And after clicking OK you'll finally get the alert that produces the result of the && operation:

You may play with this code by varying the values of the arguments passed to the confirm() function and you will verify that the produced results are those of using the && operator.

For example, if you change the <input> element to this:

<input type="submit" 
onClick="alert(confirm('really sure?') &amp;&amp; confirm('seriously?'));" /> 

You'll get first this alert:

And when you click OK, you'll immediately get the final result of the && operation:

The second alert is skipped, because the 1st operand of the && operation was false and JavaScript is shortcutting an && where the 1st operand is false.

To summarize:

It is easy to use the && operator inside an attribute, in an HTML document generated by XSLT, by specifying the && operand as &amp;&amp;



回答3:

Are you expressing the URI in HTML or XHTML? e.g. <tag attr="http://foo.bar/?key=value&amp;key2=value2&amp;..."/> If so, "&amp;" is the correct way to express an ampersand in an attribute value, even if it looks different from than literal URI you want. Browsers will decode "&amp;" and any other character entity reference before either loading them or passing them to Flash. To embed a literal, lone "&" directly in HTML or XHTML is incorrect.

I also personally recommend learning more about XML in order to think about these kinds of things in a clearer way. For instance, try using the W3C DOM more (for more than just trivial Javascript); even if you don't use it day-to-day, learning the DOM helped me think about the tree structure of XML correctly and how to think about correctly encoding attributes and elements.



回答4:

Use disable-output-escaping="yes" in your value-of tag



回答5:

If you are creating a query string as part of a larger URL in an attribute of some other tag (like "embed"), then you actually want the & to be escaped as &amp;. While all browsers will figure out what you mean and Do The Right Thing, if you were to pass your generated doc to a validator it would flag the un-escaped & in the attribute value.



回答6:

If you are trying to produce an XML file as output, you will want to produce &amp; (as & on it's own is invalid XML). If you are just producing a string then you should set the output mode of the stylesheet to text by including the following as a child of the xsl:stylesheet

<xsl:output method="text"/>

This will prevent the stylesheet from escaping things and <xsl:value-of select="'&amp;'" /> should produce &.



回答7:

If your transform is emitting an XML document, you shouldn't disable output escaping. You want markup characters to be escaped in the output, so that you don't emit malformed XML. The XML object that you're processing the output with (e.g. a DOM) will unescape the text for you.

If you're using string manipulation instead of an XML object to process the output, you have a problem. But the problem's not with your XSLT, it's with the decision to use string manipulation to process XML, which is almost invariably a bad one.

If your transform is emitting HTML or text (and you've set the output type on the <xsl:output> element, right?), it's a different story. Then it's appropriate to use disable-output-escaping='yes' on your <xsl:value-of> element.

But in any case, you'll need to escape the markup characters in your XSLT's text nodes, unless you've wrapped the text in a CDATA section.



回答8:

Disable output escaping will do the job......as this attribute is supported for a text only you can manipulate the template also eg:

 <xsl:variable name="replaced">

    <xsl:call-template name='app'>
      <xsl:with-param name='name'/>       
    </xsl:call-template>
  </xsl:variable>


<xsl:value-of select="$replaced" disable-output-escaping="yes"/>

---> Wrapped the template call in a variable and used disable-output-escaping="yes"..



回答9:

Just replace & with

<![CDATA[&]]>

in the data. EX: Data XML

<title>Empire <![CDATA[&]]> Burlesque</title>

XSLT tag:

<xsl:value-of select="title" />

Output: Empire & Burlesque



回答10:

You should note, that you can use disable-output-escaping within the value of node or string/text like:

<xsl:value-of select="/node/here" disable-output-escaping="yes" />

or

<xsl:value-of select="'&amp;'" disable-output-escaping="yes" />
<xsl:text disable-output-escaping="yes">Texas A&amp;M</xsl:text>

Note the single quotes in the xsl:value-of.

However you cannot use disable-output-escaping on attributes. I know it's completely messed up but, that's the way things are in XSLT 1.0. So the following will NOT work:

<xsl:value-of select="/node/here/@ttribute" disable-output-escaping="yes" />

Because in the fine print is the quote:

Thus, it is an error to disable output escaping for an <xsl:value-of /> or <xsl:text /> element that is used to generate the string-value of a comment, processing instruction or attribute node;

emphasis mine.

Taken from: http://www.w3.org/TR/xslt#disable-output-escaping



回答11:

Using the disable-output-escaping attribute (a boolean) is probably the easiest way of accomplishing this. Notice that you can use this not only on <xsl:value-of/> but also with <xsl:text>, which might be cleaner, depending on your specific case.

Here's the relevant part of the specification: http://www.w3.org/TR/xslt#disable-output-escaping



回答12:

org.apache.xalan.xslt.Process, version 2.7.2 outputs to the "Here is a runnable, short and complete demo how to produce such URL" mentioned above:

<?xml version="1.0" encoding="UTF-8"?>http://www.myUrl.com/?vA=a&amp;vX=x&amp;vY=y&amp;vZ=z11522

The XML declaration is suppressed with an additional omit-xml-declaration="yes", but however with output method="text" escaping the ampersands is not justifiable.



回答13:

try: <xsl:value-of select="&amp;" disable-output-escaping="yes"/>

Sorry if the formatting is messed up.