如何在 PHP 中将包含单引号和双引号的字符串作为参数传递给 XSLT?
我有一个简单的基于 PHP 的 XSLT 转换代码,如下所示:
$xsl = new XSLTProcessor();
$xsl->registerPHPFunctions();
$xsl->setParameter("","searchterms", $searchterms);
$xsl->importStylesheet($xslDoc);
echo $xsl->transformToXML($doc);
该代码将包含字符串的变量 $searchterms 作为参数传递给 XSLT 样式表,而 XSLT 样式表又将其用作文本:
<title>search feed for <xsl:value-of select="$searchterms"/></title>
这可以正常工作,直到您尝试传递一个包含混合的字符串,说:
$searchterms = '"some"'." text's quotes are mixed."
此时,XSLT 处理器尖叫:
无法创建 XPath 表达式(字符串 包含引号和双引号)
安全地将任意字符串作为 XSLT 输入传递的正确方法是什么?请注意,这些字符串将用作生成的 XML 中的文本值,而不是用作 XPATH 参数。
谢谢, 波阿斯
I have a simple PHP-based XSLT trasform code that looks like that:
$xsl = new XSLTProcessor();
$xsl->registerPHPFunctions();
$xsl->setParameter("","searchterms", $searchterms);
$xsl->importStylesheet($xslDoc);
echo $xsl->transformToXML($doc);
The code passes the variable $searchterms, which contains a string, as a parameter to the XSLT style sheet which in turns uses it as a text:
<title>search feed for <xsl:value-of select="$searchterms"/></title>
This works fine until you try to pass a string with mixes in it, say:
$searchterms = '"some"'." text's quotes are mixed."
In that point the XSLT processor screams:
Cannot create XPath expression (string
contains both quote and double-quotes)
What is the correct way to safely pass arbitrary strings as input to XSLT? Note that these strings will be used as a text value in the resulting XML and not as an XPATH paramater.
Thanks,
Boaz
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
这已被记录为错误:
https://bugs.php.net/bug.php ?id=64137
此评论:
包括以下解决方法:
另一种解决方案是将所有直引号替换为单引号:
This has been logged as a bug:
https://bugs.php.net/bug.php?id=64137
This comment:
Includes the following work-around:
Another solution is to replace all straight-quotes with single-quotes:
如果你的最终输出是 HTML,你可以尝试对其进行 htmlencoding。只要在样式表中设置实体就可以了
if your final output is HTML you could try htmlencoding it. As long as entities are set in stylesheet should be OK
您可以使用
'
转义单引号:You could use
'
to escape the single quotes:这适用于我使用
str_replace
将单引号替换为 html 特殊字符This works for me to replace the single quotation marks with html special characters using
str_replace
正如其中一个答案所示,这是一个错误。因此,您不能同时传递两个引号。
但您可以将双引号替换为其他字符,然后使用
translate
恢复原始内容。主要选择的是不会出现在文本中的字符。例如
\x7F
。另外
,您不能使用 html 实体,因为它们正在被转义。
或者使用
disable-output-escaping="yes"
:和
第一个可用于内置表达式的方法。例如:
As indicated in one of the answers, this is a bug. Therefore, you can not pass both quotes.
But you can replace the double quote with another character, and then use
translate
to restore the original.The main thing to choose is a character that will not appear on your text. For example
\x7F
.and
Also, you can not use html entities, since they are being escaped.
Or use
disable-output-escaping="yes"
:with
The first method you can use for built-in expressions. For example: