How to pass a string containing single and double quotes as an XSLT parameter in PHP?

I have a simple XSLT transform PHP code that looks like this:

    $xsl = new XSLTProcessor();
    $xsl->registerPHPFunctions();
    $xsl->setParameter("", "searchterms", $searchterms);
    $xsl->importStylesheet($xslDoc);
    echo $xsl->transformToXML($doc);

The code passes the variable $searchterms, which contains the string, as a parameter to the XSLT stylesheet, which in turn uses it as text:

 <title>search feed for <xsl:value-of select="$searchterms"/></title> 

This works fine until you try to pass a string with mixtures in it, say:

    $searchterms = '"some" text' . "'s quotes are mixed.";

At this point, the XSLT processor yells:

Unable to create XPath expression (string contains both quotes and double quotes)

What is the proper way to safely wrap arbitrary strings as input to XSLT? Note that these strings will be used as a text value in the resulting XML, and not as an XPATH parameter.

Thanks Boaz

+4
source share
5 answers

This is logged as an error:

https://bugs.php.net/bug.php?id=64137

This comment:

This drawback comes from the fact that XPath 1.0 does not provide a mechanism for escape characters, so PHP has no direct way to express a string containing both types of quotes. However, XPath 1.0 does provide a string concatenation function. Using concat(), a two-character string "' can be expressed as concat('"', "'"). concat() takes 2 or more arguments.

Includes the following workaround:

So, while you change the quoting style, you can express a string containing any number of quotes of both types.

Another solution is to replace all double quotes with single quotes:

    $t = str_replace("\"", "''", $t);
    // setParameter() takes namespace, name, value; the empty namespace is added here
    $xsltEngine->setParameter("", "some-text", $t);
+1
source
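The concat() construction described in the quoted bug comment, as an added example that is not part of the original answer or of PHP itself. `xpathLiteral()` is a hypothetical helper name, the sample document and strings are constructed, and the literal is evaluated with DOMXPath, where the caller writes the XPath expression text directly.

```php
<?php
declare(strict_types=1);

/**
 * Return an XPath 1.0 expression that evaluates to exactly $value.
 * XPath 1.0 has no escape character, so a value holding both quote
 * kinds is cut into runs and joined with concat().
 */
function xpathLiteral(string $value): string
{
    if (strpos($value, "'") === false) {
        return "'" . $value . "'";   // no single quote inside: '...'
    }
    if (strpos($value, '"') === false) {
        return '"' . $value . '"';   // no double quote inside: "..."
    }
    // Both kinds present: split on runs of single quotes, keeping the runs.
    $runs = preg_split("/('+)/", $value, -1,
        PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
    $parts = [];
    foreach ($runs as $run) {
        // A run of single quotes goes in "...", any other run in '...'.
        $parts[] = $run[0] === "'" ? '"' . $run . '"' : "'" . $run . "'";
    }
    return 'concat(' . implode(', ', $parts) . ')';
}

// Constructed sample document and inputs (not from the original page).
$dom = new DOMDocument();
$dom->loadXML('<feed><item q="plain"/><item q="it&apos;s &quot;mixed&quot;"/></feed>');
$xpath = new DOMXPath($dom);

foreach (['plain', "text's", "it's \"mixed\"", "'\""] as $input) {
    $literal = xpathLiteral($input);
    // The literal must evaluate back to the input, byte for byte.
    $roundTrip = $xpath->evaluate($literal) === $input;
    // Used inside a predicate, the input is compared as data only.
    $hits = (int) $xpath->evaluate('count(//item[@q = ' . $literal . '])');
    printf("%-40s round-trip=%s hits=%d\n", $literal, $roundTrip ? 'yes' : 'NO', $hits);
}
```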

If your end result is HTML, you can try htmlencoding it. While the entities are defined in the stylesheet, it should be OK.

0
source

You can use &apos; to avoid single quotes:

    $searchterms = '"some" text&apos;s quotes are mixed.';
0
source

This works for me to replace single quotes with special html characters using str_replace

    $t = str_replace("'", "&#39;", $t);
    // setParameter() takes namespace, name, value; the empty namespace is added here
    $xsltEngine->setParameter("", "some-text", $t);
0
source

As indicated in one of the answers, this is a mistake. Therefore, you cannot pass both quotes.

But you can replace the double quote with another character, and then use translate to restore the original.

The main thing to choose is a character that will not be displayed in your text. For example, \x7F.

    $xsl = new XSLTProcessor();
    $xsl->registerPHPFunctions();
    $xsl->setParameter("", "searchterms", strtr($searchterms, '"', "\x7F"));
    $xsl->importStylesheet($xslDoc);
    echo $xsl->transformToXML($doc);

and

 <title>search feed for <xsl:value-of select="translate($searchterms, '&#x7F;', '&quot;')"/></title> 

In addition, you cannot use HTML entities as they are escaped.

Or use disable-output-escaping="yes":

 <title>search feed for <xsl:value-of select="$searchterms" disable-output-escaping="yes"/></title> 

with

 $xsl->setParameter("","searchterms", htmlspecialchars($searchterms)); 

The first method you can use for inline expressions. For instance:

 <title attr="foo {translate($searchterms, '&#x7F;', '&quot;')} bar">bazz</title> 
0
source

Source: https://habr.com/ru/post/1308348/

