Summary: Do not use complex inline JavaScript in XSLT-generated web pages
If you're using XSLT to produce full-blown (X)HTML pages from XML documents (more about that in one of my upcoming articles for www.InformIT.com), you'll sooner or later need a bit of inline JavaScript code in the final web page. As you know, you cannot use bare less-than-sign (<) in an XML document and you cannot use < quoting in JavaScript embedded in <script> tags in traditional HTML page.
Apart from migrating all JavaScript code in a separate .js file (which is the best solution anyway) or using tricks to avoid < and & in the JavaScript code, the only way to make things work (at least in some modern XHTML-aware browsers) is to structure the web page to be XHTML-compliant with proper <!DOCTYPE> declaration and <html xmlns="http://www.w3.org/1999/xhtml"> root element. When the browsers recognize a page as XHTML-compliant page, they might be willing to transform < escape within the <script> tag into less-than sign (works for Opera, but not for Firefox).
Reading the XSLT-related standards, one would get an impression that using the <xsl:output method="html" /> command should force the transformation engine to write pure text instead of XML escapes within the <script> tag. However, it's almost impossible to force all the XSLT transformation engines being used today to do it properly (for example, it looks like MSXML engine on the IIS server simply ignores it).
Apart from migrating all JavaScript code in a separate .js file (which is the best solution anyway) or using tricks to avoid < and & in the JavaScript code, the only way to make things work (at least in some modern XHTML-aware browsers) is to structure the web page to be XHTML-compliant with proper <!DOCTYPE> declaration and <html xmlns="http://www.w3.org/1999/xhtml"> root element. When the browsers recognize a page as XHTML-compliant page, they might be willing to transform < escape within the <script> tag into less-than sign (works for Opera, but not for Firefox).
Reading the XSLT-related standards, one would get an impression that using the <xsl:output method="html" /> command should force the transformation engine to write pure text instead of XML escapes within the <script> tag. However, it's almost impossible to force all the XSLT transformation engines being used today to do it properly (for example, it looks like MSXML engine on the IIS server simply ignores it).
No comments:
Post a Comment