xslt, javascript and unescaped html entities

Question

i have a tiny little problem with xslt, js and html entities, eg. within a template:

<script type="text/javascript">
    <xsl:value-of select="/some/node"/>
    for (var i = 0; i &lt; 5; i++) {
        //            ^^^ js error
    }
</script>

<script type="text/javascript">
    <xsl:value-of select="/some/node"/>
    for (var i = 0; i < 5; i++) {
        //            ^ xslt error
    }
</script>

<script type="text/javascript">
    <xsl:value-of select="/some/node"/>
    // <![CDATA[
    for (var i = 0; i < 5; i++) {
        //            ^ becomes &lt;
    }
    // ]]>
</script>


<script type="text/javascript">
    <xsl:value-of select="/some/node"/>
    for (var i = 0; i <xsl:value-of disable-output-escaping="yes" select="string('&lt;')"/> 5; i++) {
        // works of course
    }
</script>

does anyone have an idea where my problem could come from? i always thought the xslt processor would leave the content of a <script/> element unescaped when using the html output method ...

i run libxslt2 version 1.1.24 on OSX which was installed using macportsports ...

Answer 1

Try removing the double slash before the CDATA of your third solution

Answer 2

i always thought the xslt processor would leave the content of a script element unescaped when using the html output method

You are correct: http://www.w3.org/TR/xslt#section-HTML-Output-Method

The html output method should not perform escaping for the content of the script and style elements.
For example, a literal result element written in the stylesheet as
    <script>if (a &lt; b) foo()</script>
or
    <script><![CDATA[if (a < b) foo()]]></script>
should be output as
    <script>if (a < b) foo()</script>

If your XSLT processor is doing otherwise, it's a bug.

However, in any case it's a good idea to avoid '<' and '&' in embedded scripts, and an even better idea to kick all the code out into a linked .js file.

Answer 3

ok. long story, short answer:

it seems that with some libxslt versions the xslt processor leaves the content of a <script/> element unescaped when using the html output method, with others not ... therefore the following is recommended:

<script type="text/javascript">
    <xsl:value-of select="/some/node"/>
    <xsl:text disable-output-escaping="yes">
        // ^ does the trick ...
        for (var i = 0; i < 5; i++) {
            //            ^ works
        }
    </xsl:text>
</script>

Answer 4

If the xsl:outpout method is html, the CDATA section would work. If the xsl:output method is xml, the < and > signs would still be converted.

To get around this problem, you may define the script element to not behave this way using the xsl:output element. you can also force the method of the output using xml or html

<xsl:output method="xml" cdata-section-elements="script" /> ... <script type="text/javascript" language="javascript"> <![CDATA[ for (var i = 0; i < foo.length; i++) { … } ]]&gt </script>