Skip to Main Content
  • Questions

  • Generating XML without converting '&' to 'amp;'

Breadcrumb

Question and Answer

Tom Kyte

Thanks for the question, Andy.

Asked: June 02, 2002 - 8:18 pm UTC

Last updated: April 20, 2004 - 12:43 pm UTC

Version: 8.1.7

Viewed 1000+ times

You Asked

Hi Tom,

do you know of anyway of utilising the XDK to generate XML without certain characters being displayed as HTML entities.

An example of this would be any '&' being replaced with 'amp;'

Any help on this would be appreciated

Thanks

Andy

and Tom said...

When would you want to do this (as not escaping would result in "bad" XML).

They are not HTML entities, they are ISO entities and in this case, they are one of the 5 defined entities that must be escaped in XML

</code> http://wdvl.internet.com/Authoring/Languages/XML/XMLFamily/XMLSyntax/sall2_5.html <code>

A very strict rule of XML is:

<quote>
Note: You are required to use the predefined entities &lt; and &amp; to escape the characters < and & in all cases other than when these characters are used as markup delimiters, or in a comment, a processing instruction, or a CDATA section. In other words, the literal "<" and "&" characters can appear only as markup
</quote>

Since the only time you see CDATA with the XML XDK is when we use the DOM API's and you do it yourself (you would be doing the encoding) -- we must escape it (else the resulting document is just ascii text, not and XML document)


Rating

  (3 ratings)

Is this answer out of date? If it is, please let us know via a Comment

Comments

But what if we want to generate CDATA tags?

Sjaiswal, January 17, 2003 - 2:54 pm UTC

I have to enclose a column in CDATA tags for example..
select '<![CDATA[' || L.location_name || ']]>' from L.location

When I use this query in dbms_xmlgen.newContext() The output clob shows as

<Location_Name>&lt;![CDATA[Kirchliches Begegnungszentrum Karow ]]&gt;</Location_Name>

It should display as

<Location_Name><![CDATA[Kirchliches Begegnungszentrum Karow ]]></Location_Name>

What should be done to get the '<' and '>' characters in this case

Tom Kyte
January 17, 2003 - 3:53 pm UTC

if you read above -- you'll be doing it yourself.

Think about it -- we cannot do both -- not escape and escape. You want generic and easy - it works as documented. You need specialized and "just for you", you'll be participating a little more.

What if location_name = 'Greatest Place <as far as I know> On Earth'



HTML Tags

Mir, April 19, 2004 - 6:52 pm UTC

Tom,

I have a HTML Form which accepts a research statment (this is formatted HTML) if i store a </textarea> tag in it. It breaks when i want to edit my data. because of the </textarea> tag. How can i avoid this.

----
procedure biopage(
pnid number default null
)
is
--
cursor c_data (pnid number) is
select firstname, lastname, research_statement
from biotable
where bioid = pnid;
--
mv_firstname varchar2(255);
mv_lastname varchar2(255);
mv_stmt varchar2(4000);
--
begin
--
if pnid is not null then
for i in c_data(pnid) loop
mv_firstname := i.firstname;
mv_lastname := i.lastname;
mv_stmt := i.research_statement;
end loop;
end if;
--
htp.htmlopen;
htp.headopen;
htp.title('Bio Page'));
htp.headclose;
htp.bodyopen;
--
htp.p('<form name="bioform" method="post" action="biopagepost">');
--
htp.p('<table border="0" cellspacing="0" cellpadding="2">');
--
htp.p('<tr>');
htp.p('<td colspan="2" align="right">');
htp.p('<input type="submit" value="Submit">');
htp.p('<input type="reset" value="Reset">');
htp.p('<input type="button" value="Close" onclick="window.close()";>');
htp.p('</td>');
htp.p('</tr>');
--
htp.p('<input type=hidden name="bioid" value="'||pnid||'">');
--
htp.p('<tr>');
htp.p('<td class="formlabel">First Name:</td>');
htp.p('<td><input type=text name="pv_fn" value="'||mv_firstname||'"></td>');
htp.p('</tr>');
--
htp.p('<tr>');
htp.p('<td class="formlabel">Last Name:</td>');
htp.p('<td><input type=text name="pv_ln" value="'||mv_lastname||'"></td>');
htp.p('</tr>');
--
htp.p('<tr>');
htp.p('<td class="formlabel">Research Statement:</td>');
htp.p('<td><textarea name="pv_descr" rows="3" cols="50" wrap="virtual">'||mv_stmt||'</textarea></td>');
htp.p('</tr>');
--
htp.p('</table>');
--
htp.p('</form>');
--
htp.bodyclose;
htp.htmlclose;
--
end;
-----

Tom Kyte
April 19, 2004 - 7:40 pm UTC

you want to use htf.escape_sc() on all of the "text" fields that may contain HTML in them.


htp.p('<td><textarea name="pv_descr" rows="3" cols="50"
wrap="virtual">'|| HTF.ESCAPE_SC(mv_stmt) ||'</textarea></td>');

Thank U very much

Mir, April 20, 2004 - 12:43 pm UTC

saved my days of work.

more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's channel and Chris's channel from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.