I have string I'd like to escape for use in an XPath query. In C# I am able to do this using a call to SecurityElement.Escape. Is there an equivalent call in classic ASP?
views:
187answers:
1
+3
A:
No, you'll need to deal with string escape yourself.
xpath = "//node[@attribute='" & SecurityElementEscape(value) & "']"
Function SecurityElementEscape(value)
SecurityElementEscape =
Replace(Replace(Replace(Replace(Replace(value,
"&" , "&" ), '' // must be first one
"<" , "<" ),
">" , ">" ),
"""", """),
"'" , "'")
End Function
Rubens Farias
2010-01-27 16:56:34
Damn. Thought I might have to do that. Thanks.
Rob Segal
2010-01-27 17:16:14
I should be surprised if escaping to `'` etc. worked, since this are XML entities that have no meaning in XPath.
Tomalak
2010-01-27 17:50:49
@Tomalak: +1 Yes I'm surprised that Rob has found this to work.
AnthonyWJones
2010-01-27 18:19:04
@Tomalak: Tested in VBScript against MSXML6, doesn't work.
AnthonyWJones
2010-01-27 18:24:58
@AnthonyWJones: It (`//node[@attribute='bla ' bla'`) *would* work, if the XML goes like `<node attribute="bla ' bla" />` ;-)
Tomalak
2010-01-27 18:31:51
My mistake: first version I was escaping `'` but so I came across http://msdn.microsoft.com/en-us/library/system.security.securityelement.escape.aspx and changed this code without proper testing
Rubens Farias
2010-01-27 19:09:10