Tuesday, May 11, 2010

How to put CDATA into script tag in XSLT

You have an XSL template for the website you are working on and you would like to embed some JavaScript in the markup. You care so you would like to keep the XHTML output valid. Easy enough - all it takes is wrapping the actual JavaScript code with CDATA. To make it safe you would also add JS comments around CDATA and move on. But is it really that easy with XSL? Let's have a look.

XSL template for JavaScript

Here is the working solution which allows for safe embedding JavaScript on XHTML pages created with XSL templates.

Example 0
<?xml version="1.0" encoding="UTF-8"?>
<xsl:transform version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    <xsl:output
        method="xml"
        encoding="utf-8"
        doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN"
        doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
        indent="yes"
        cdata-section-elements=""
        omit-xml-declaration="yes" />
 
    <xsl:template name="javascript">
        <xsl:param name="code"/>
            <xsl:text disable-output-escaping="yes">
            &lt;script type="text/javascript"&gt;
            /* &lt;![CDATA[ */ </xsl:text>
            <xsl:value-of select="$code" disable-output-escaping="yes"/>
            <xsl:text disable-output-escaping="yes">
            /* ]]&gt; */
            &lt;/script&gt;
            </xsl:text>
    </xsl:template>
        
    <xsl:template match="/">
        <html>
            <body>
                <xsl:call-template name="javascript">
                    <xsl:with-param name="code">
                        <![CDATA[
                        if (1 > 2) {}
                        ]]>
                    </xsl:with-param>
                </xsl:call-template>
            </body>
        </html>
    </xsl:template>
</xsl:transform>
The above example will output:
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3.   <body>
  4.             <script type="text/javascript">
  5.             /* <![CDATA[ */ 
  6.                         if (1 > 2) {}
  7.  
  8.             /* ]]> */
  9.             </script>
  10.             </body>
  11. </html>
  12.  

Can it be simpler?

Let's start off with the most intuitive approach - add CDATA inside script tag as you would in XHTML.

Example 1
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <xsl:transform version="1.0"
  3.  xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  4.  <xsl:output
  5.   method="xml"
  6.   encoding="utf-8"
  7.   doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN"
  8.   doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
  9.   indent="yes"
  10.   cdata-section-elements=""
  11.   omit-xml-declaration="yes" />
  12.  
  13.  <xsl:template match="/">
  14.   <html>
  15.    <body>
  16.     <script type="text/javascript">
  17.     /* <![CDATA[ */
  18.     if (1 < 2) {}
  19.     /* ]]> */
  20.     </script>
  21.    </body>
  22.   </html>
  23.  </xsl:template>
  24. </xsl:transform>
The above example will output:
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3.   <body>
  4.     <script type="text/javascript">
  5.     /*  */
  6.     if (1 &lt; 2) {}
  7.     /*  */
  8.     </script>
  9.   </body>
  10. </html>
  11.  

CDATA got stripped off and the < sign got replaced with &lt;. Of course! CDATA as an XML specific construct is interpreted in XSL as well. And that helps - try to remove CDATA from the following example and you will see an error. Good old < is the source of trouble here - without CDATA around, it makes XML invalid.

The interpreted CDATA should stay then but another CDATA is required in the output. xls:output has an option which allows to wrap content of certain tags with CDATA. However if you set it up to wrap up content of script tags with CDATA (the rest of the code like in example 1) you will not get what you need. Let's have a look.

Example 2
  1.   cdata-section-elements="script"
The above example will output:
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3.   <body>
  4.     <script type="text/javascript">
  5. <![CDATA[
  6.     /*  */
  7.     if (1 < 2) {}
  8.     /*  */
  9.     ]]>
  10.     </script>
  11.   </body>
  12. </html>
  13.  

Ok, now there is CDATA in the output but it is not safely commented out. And it does not seem possible to get it that way. And how about creating CDATA explicitly as a text? Maybe with disabled output escaping that would work? Let's see.

Example 3
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <xsl:transform version="1.0"
  3.  xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  4.  <xsl:output
  5.   method="xml"
  6.   encoding="utf-8"
  7.   doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN"
  8.   doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
  9.   indent="yes"
  10.   cdata-section-elements=""
  11.   omit-xml-declaration="yes" />
  12.  
  13.  <xsl:template match="/">
  14.   <html>
  15.    <body>
  16.     <script type="text/javascript">
  17.      <xsl:text disable-output-escaping="yes">
  18.       /* &lt;![CDATA[ */
  19.      </xsl:text>
  20.      <![CDATA[
  21.       if (1 < 2) {}
  22.      ]]>
  23.      <xsl:text disable-output-escaping="yes">
  24.       /* ]]&gt; */
  25.      </xsl:text>
  26.     </script>
  27.    </body>
  28.   </html>
  29.  </xsl:template>
  30. </xsl:transform>
The above example will output:
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3.   <body>
  4.     <script type="text/javascript">
  5.       /* <![CDATA[ */
  6.  
  7.       if (1 &lt; 2) {}
  8.  
  9.       /* ]]> */
  10.      </script>
  11.   </body>
  12. </html>
  13.  

That's definitely some progress, CDATA is in place. Now the &lt; in the JavaScript code should become < again. Why not to put the whole JavaScript code into another xsl:text tag with disable escaping? Well, that's why:

Example 4
  1.     <script type="text/javascript">
  2.      <xsl:text disable-output-escaping="yes">
  3.       /* &lt;![CDATA[ */
  4.      </xsl:text>
  5.      <xsl:text disable-output-escaping="yes">
  6.      <![CDATA[
  7.       if (1 < 2) {}
  8.      ]]>
  9.      </xsl:text>
  10.      <xsl:text disable-output-escaping="yes">
  11.       /* ]]&gt; */
  12.      </xsl:text>
  13.     </script>
The above example will output:
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3.   <body>
  4.     <script type="text/javascript">
  5.       /* <![CDATA[ */
  6.  
  7.  
  8.       if (1 &lt; 2) {}
  9.  
  10.  
  11.       /* ]]> */
  12.      </script>
  13.   </body>
  14. </html>
  15.  

Is it a dead end or maybe xsl:text element is not the best choice after all? It has to be something with disable-output-escaping attribute. Another such an element is xsl:value-of. Assuming that the JavaScript code exists only in the template and not in the processed XML structure, value-of needs an xsl:variable to read value from.

Example 5
  1.    <xsl:variable name="s1">
  2.     <![CDATA[
  3.      if (1 < 2) {}
  4.     ]]>
  5.     </xsl:variable>
  6.    <script type="text/javascript">
  7.      <xsl:text disable-output-escaping="yes">
  8.       /* &lt;![CDATA[ */
  9.      </xsl:text>
  10.      <xsl:value-of select="$s1" disable-output-escaping="yes"/>
  11.      <xsl:text disable-output-escaping="yes">
  12.       /* ]]&gt; */
  13.      </xsl:text>
  14.     </script>
The above example will output:
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3.   <body>
  4.     <script type="text/javascript">
  5.       /* <![CDATA[ */
  6.  
  7.      if (1 < 2) {}
  8.  
  9.       /* ]]> */
  10.      </script>
  11.   </body>
  12. </html>
  13.  

And that worked! It is not very flexible solution, though. Defining variable for every JavaScript in the template seems to be acceptable only if necessary. Luckily xsl:value-of can also read value of a parameter passed to an xsl:template. That's how I got to the template you can find at the top of the page.

Thank you for reading. I hope you found it useful.

Update - 21.05.2010

At the beginning the template looked like this:

  1.  <xsl:template name="javascript">
  2.   <xsl:param name="code"/>
  3.   <script type="text/javascript">
  4.    <xsl:text disable-output-escaping="yes">
  5.    /* &lt;![CDATA[ */ </xsl:text>
  6.    <xsl:value-of select="$code" disable-output-escaping="yes"/>
  7.    <xsl:text disable-output-escaping="yes">
  8.    /* ]]&gt; */
  9.    </xsl:text>
  10.   </script>
  11.  </xsl:template>

However it turned out that on some PHP installations XSLT adds CDATA inside <script> tag even if it's not specified in the <xsl:output>. Therefore <script> tag has to be generated as a text rather than being part of interpreted XML.

Jacek

Posted by at 11:35 PM
Labels: ,

31 comments:

  1. Gabriel HautclocqSeptember 6, 2010 at 4:26 AM

    Hello,

    You can also have a look at my solution which work in all major browsers (IE, Firefox, Chrome, Opera):
    http://www.gabsoftware.com/tips/extending-xhtml-with-xml-xsl-transformations-entities-cdata-sections-javascript/

    ReplyDelete
  2. AnonymousSeptember 28, 2010 at 3:47 PM

    What if you need to use XSLT tags within the "code" param?

    For example:

    < xsl:call-template name="javascript" >
    < xsl:with-param name="code" >
    < ![CDATA[
    var x = < xsl:value-of select="$x"/ >
    var y = < xsl:value-of select="$y"/ >
    if (x > y) {}
    ]]>
    < /xsl:with-param >
    < /xsl:call-template >

    ReplyDelete
  3. AnonymousJuly 26, 2013 at 5:24 PM

    Thank you so much for this! I've been fiddling with this issue all morning.

    ReplyDelete
  4. radhaApril 17, 2018 at 9:29 AM

    Nice post .Keep updating UI online course Bangalore

    ReplyDelete
  5. genga gSeptember 25, 2018 at 7:22 AM

    This is quite educational arrange. It has famous breeding about what I rarity to vouch. Colossal proverb. This trumpet is a famous tone to nab to troths. Congratulations on a career well achieved. This arrange is synchronous s informative impolite festivity to pity. I appreciated what you ok extremely here.



    angularjs Training in bangalore

    angularjs Training in electronic-city

    angularjs Training in online

    angularjs Training in marathahalli

    ReplyDelete
  6. simbuOctober 17, 2018 at 8:34 AM

    Thank you so much for a well written, easy to understand article on this. It can get really confusing when trying to explain it – but you did a great job. Thank you!
    Java training in Chennai | Java training in Bangalore

    Java interview questions and answers | Core Java interview questions and answers

    ReplyDelete
  7. nivathaOctober 17, 2018 at 8:50 AM

    I really like your blog. You make it interesting to read and entertaining at the same time. I cant wait to read more from you.
    Data Science Training in Indira nagar | Data Science Training in btmlayout

    Python Training in Kalyan nagar | Data Science training in Indira nagar

    Data Science Training in Marathahalli | Data Science Training in BTM Layout

    ReplyDelete
  8. gauthamOctober 15, 2019 at 7:52 AM

    thanks for your post azure training in hyderabad

    ReplyDelete
  9. gauthamOctober 16, 2019 at 5:59 AM

    this is the fantastic post to learn pl sql training

    ReplyDelete
  10. rameshJuly 11, 2020 at 4:44 PM

    The Blog is really excellent one.

    Azure Training in Chennai | Certification | Azure Online Training Course | Azure Training in Bangalore | Certification | Azure Online Training Course | Azure Training in Hyderabad | Certification | Azure Online Training Course | Azure Training in Pune | Certification | Azure Online Training Course | Azure Training | microsoft azure certification | Azure Online Training Course

    ReplyDelete
  11. SedenOctober 2, 2023 at 3:12 AM

    Kayseri
    Ankara
    Kilis
    Sakarya
    Bursa
    ZJTUAN

    ReplyDelete
  12. BinaryPhantomSorcerer666October 8, 2023 at 3:37 PM

    goruntulu show
    ücretli
    KNCN

    ReplyDelete
  13. LunarFlare1QOctober 19, 2023 at 11:17 PM

    istanbul evden eve nakliyat
    urfa evden eve nakliyat
    konya evden eve nakliyat
    tunceli evden eve nakliyat
    denizli evden eve nakliyat
    QXR

    ReplyDelete
  14. DigitDynamo369October 27, 2023 at 11:52 PM

    https://istanbulolala.biz/
    PİL

    ReplyDelete
  15. QuantumKeşifçi33October 31, 2023 at 2:33 PM

    ığdır evden eve nakliyat
    bitlis evden eve nakliyat
    batman evden eve nakliyat
    rize evden eve nakliyat
    niğde evden eve nakliyat
    82XNİ

    ReplyDelete
  16. StarryGizliAjan16November 3, 2023 at 11:46 AM

    ığdır evden eve nakliyat
    bitlis evden eve nakliyat
    batman evden eve nakliyat
    rize evden eve nakliyat
    niğde evden eve nakliyat
    77X4V0

    ReplyDelete
  17. CD5EENolaB4C6CNovember 6, 2023 at 8:25 AM

    06E7F
    Erzincan Lojistik
    Bilecik Parça Eşya Taşıma
    Isparta Evden Eve Nakliyat
    Batman Parça Eşya Taşıma
    Antep Parça Eşya Taşıma

    ReplyDelete
  18. F7EDBIgnacio957AANovember 9, 2023 at 10:39 AM

    0305E
    Gümüşhane Şehirler Arası Nakliyat
    Bitmex Güvenilir mi
    Yozgat Şehirler Arası Nakliyat
    İstanbul Evden Eve Nakliyat
    Denizli Evden Eve Nakliyat
    Kırklareli Şehir İçi Nakliyat
    Ardahan Şehir İçi Nakliyat
    Antep Şehirler Arası Nakliyat
    Düzce Parça Eşya Taşıma

    ReplyDelete
  19. 16960Konnor84081November 10, 2023 at 2:35 PM

    6F112
    Ünye Oto Elektrik
    Kırklareli Lojistik
    Coin Nedir
    Erzincan Şehir İçi Nakliyat
    Gümüşhane Evden Eve Nakliyat
    İstanbul Şehir İçi Nakliyat
    Hatay Lojistik
    Tekirdağ Cam Balkon
    Denizli Şehirler Arası Nakliyat

    ReplyDelete
  20. F1D5ABlaze56206November 12, 2023 at 2:53 AM

    CBA50
    Mersin Lojistik
    Ünye Kurtarıcı
    Batıkent Fayans Ustası
    Kilis Şehirler Arası Nakliyat
    Malatya Şehir İçi Nakliyat
    Bursa Lojistik
    Van Şehir İçi Nakliyat
    Lunc Coin Hangi Borsada
    Chat Gpt Coin Hangi Borsada

    ReplyDelete
  21. 803A4Wallace3A868November 13, 2023 at 8:23 AM

    39815
    Hatay Evden Eve Nakliyat
    Urfa Evden Eve Nakliyat
    Samsun Şehirler Arası Nakliyat
    Ünye Oto Lastik
    Kucoin Güvenilir mi
    Karaman Lojistik
    Poloniex Güvenilir mi
    Bitget Güvenilir mi
    Trabzon Parça Eşya Taşıma

    ReplyDelete
  22. 1E538LesterBD5F9December 2, 2023 at 7:31 PM

    46A8F
    referans kodu binance

    ReplyDelete
  23. 3902AConrad1C712December 6, 2023 at 10:05 PM

    40916
    binance %20

    ReplyDelete
  24. 37DABJayleneACA57December 20, 2023 at 12:20 AM

    0D9DB
    kayseri muhabbet sohbet
    manisa rastgele sohbet
    uşak en iyi görüntülü sohbet uygulamaları
    giresun canlı görüntülü sohbet siteleri
    adana en iyi ücretsiz sohbet siteleri
    muğla canlı sohbet ücretsiz
    antep tamamen ücretsiz sohbet siteleri
    karabük canlı sohbet uygulamaları
    samsun kızlarla canlı sohbet

    ReplyDelete
  25. 20B5EJulius7C3FCDecember 27, 2023 at 1:39 AM

    F6E26
    Ağrı Görüntülü Sohbet Odaları
    Muğla Sohbet Siteleri
    hakkari bedava sohbet uygulamaları
    en iyi ücretsiz sohbet uygulamaları
    nevşehir mobil sohbet odaları
    bingöl ücretsiz sohbet uygulaması
    Bilecik Canlı Görüntülü Sohbet Uygulamaları
    antalya bedava sohbet odaları
    chat sohbet

    ReplyDelete
  26. 70086KaitlynAC412January 5, 2024 at 2:06 PM

    839A4
    antalya canlı sohbet et
    şırnak ücretsiz sohbet siteleri
    sohbet muhabbet
    telefonda kadınlarla sohbet
    Afyon Mobil Sohbet Bedava
    tekirdağ sesli sohbet mobil
    rastgele sohbet
    telefonda kızlarla sohbet
    Kırşehir Görüntülü Sohbet Ücretsiz

    ReplyDelete
  27. 0E8B0ScottBD681January 6, 2024 at 2:06 PM

    AA0A8
    Instagram Beğeni Hilesi
    Binance Kimin
    Bitcoin Kazanma
    Referans Kimliği Nedir
    Okex Borsası Güvenilir mi
    Linkedin Beğeni Satın Al
    Kripto Para Nasıl Üretilir
    Twitter Beğeni Hilesi
    Vector Coin Hangi Borsada

    ReplyDelete
  28. 59065Solomon30C08January 19, 2024 at 6:48 AM

    3952A
    Soundcloud Takipçi Satın Al
    Okex Borsası Güvenilir mi
    Bitcoin Hesap Açma
    Binance Borsası Güvenilir mi
    Bulut Madenciliği Nedir
    Facebook Takipçi Hilesi
    Threads Takipçi Satın Al
    Binance Referans Kodu
    Kripto Para Nasıl Alınır

    ReplyDelete
  29. FEE52Sierra7879AJanuary 20, 2024 at 3:31 AM

    AC994
    Clubhouse Takipçi Hilesi
    Raca Coin Hangi Borsada
    Bitcoin Kazma
    Threads Takipçi Satın Al
    Spotify Takipçi Satın Al
    Aptos Coin Hangi Borsada
    Ceek Coin Hangi Borsada
    Binance Nasıl Üye Olunur
    Tumblr Takipçi Hilesi

    ReplyDelete
  30. A0CD0IgnacioCA337February 10, 2024 at 12:56 PM

    A7ACD
    avalaunch
    pancakeswap
    layerzero
    pudgy penguins
    satoshivm
    zkswap
    pancakeswap
    uwulend finance
    poocoin

    ReplyDelete
  31. 87751Heather9D297February 10, 2024 at 6:47 PM

    3A6F5
    sushiswap
    phantom wallet
    uwulend finance
    thorchain
    debank
    quickswap
    pancakeswap
    zkswap
    dexview

    ReplyDelete

Subscribe to: Post Comments (Atom)