Tuesday, May 11, 2010

How to put CDATA into script tag in XSLT

You have an XSL template for the website you are working on and you would like to embed some JavaScript in the markup. You care so you would like to keep the XHTML output valid. Easy enough - all it takes is wrapping the actual JavaScript code with CDATA. To make it safe you would also add JS comments around CDATA and move on. But is it really that easy with XSL? Let's have a look.

XSL template for JavaScript

Here is the working solution which allows for safe embedding JavaScript on XHTML pages created with XSL templates.

Example 0
<?xml version="1.0" encoding="UTF-8"?>
<xsl:transform version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    <xsl:output
        method="xml"
        encoding="utf-8"
        doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN"
        doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
        indent="yes"
        cdata-section-elements=""
        omit-xml-declaration="yes" />
 
    <xsl:template name="javascript">
        <xsl:param name="code"/>
            <xsl:text disable-output-escaping="yes">
            &lt;script type="text/javascript"&gt;
            /* &lt;![CDATA[ */ </xsl:text>
            <xsl:value-of select="$code" disable-output-escaping="yes"/>
            <xsl:text disable-output-escaping="yes">
            /* ]]&gt; */
            &lt;/script&gt;
            </xsl:text>
    </xsl:template>
        
    <xsl:template match="/">
        <html>
            <body>
                <xsl:call-template name="javascript">
                    <xsl:with-param name="code">
                        <![CDATA[
                        if (1 > 2) {}
                        ]]>
                    </xsl:with-param>
                </xsl:call-template>
            </body>
        </html>
    </xsl:template>
</xsl:transform>
The above example will output:
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <body>
  4. <script type="text/javascript">
  5. /* <![CDATA[ */
  6. if (1 > 2) {}
  7.  
  8. /* ]]> */
  9. </script>
  10. </body>
  11. </html>
  12.  

Can it be simpler?

Let's start off with the most intuitive approach - add CDATA inside script tag as you would in XHTML.

Example 1
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <xsl:transform version="1.0"
  3. xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  4. <xsl:output
  5. method="xml"
  6. encoding="utf-8"
  7. doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN"
  8. doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
  9. indent="yes"
  10. cdata-section-elements=""
  11. omit-xml-declaration="yes" />
  12.  
  13. <xsl:template match="/">
  14. <html>
  15. <body>
  16. <script type="text/javascript">
  17. /* <![CDATA[ */
  18. if (1 < 2) {}
  19. /* ]]> */
  20. </script>
  21. </body>
  22. </html>
  23. </xsl:template>
  24. </xsl:transform>
The above example will output:
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <body>
  4. <script type="text/javascript">
  5. /* */
  6. if (1 &lt; 2) {}
  7. /* */
  8. </script>
  9. </body>
  10. </html>
  11.  

CDATA got stripped off and the < sign got replaced with &lt;. Of course! CDATA as an XML specific construct is interpreted in XSL as well. And that helps - try to remove CDATA from the following example and you will see an error. Good old < is the source of trouble here - without CDATA around, it makes XML invalid.

The interpreted CDATA should stay then but another CDATA is required in the output. xls:output has an option which allows to wrap content of certain tags with CDATA. However if you set it up to wrap up content of script tags with CDATA (the rest of the code like in example 1) you will not get what you need. Let's have a look.

Example 2
  1. cdata-section-elements="script"
The above example will output:
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <body>
  4. <script type="text/javascript">
  5. <![CDATA[
  6. /* */
  7. if (1 < 2) {}
  8. /* */
  9. ]]>
  10. </script>
  11. </body>
  12. </html>
  13.  

Ok, now there is CDATA in the output but it is not safely commented out. And it does not seem possible to get it that way. And how about creating CDATA explicitly as a text? Maybe with disabled output escaping that would work? Let's see.

Example 3
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <xsl:transform version="1.0"
  3. xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  4. <xsl:output
  5. method="xml"
  6. encoding="utf-8"
  7. doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN"
  8. doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
  9. indent="yes"
  10. cdata-section-elements=""
  11. omit-xml-declaration="yes" />
  12.  
  13. <xsl:template match="/">
  14. <html>
  15. <body>
  16. <script type="text/javascript">
  17. <xsl:text disable-output-escaping="yes">
  18. /* &lt;![CDATA[ */
  19. </xsl:text>
  20. <![CDATA[
  21. if (1 < 2) {}
  22. ]]>
  23. <xsl:text disable-output-escaping="yes">
  24. /* ]]&gt; */
  25. </xsl:text>
  26. </script>
  27. </body>
  28. </html>
  29. </xsl:template>
  30. </xsl:transform>
The above example will output:
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <body>
  4. <script type="text/javascript">
  5. /* <![CDATA[ */
  6.  
  7. if (1 &lt; 2) {}
  8.  
  9. /* ]]> */
  10. </script>
  11. </body>
  12. </html>
  13.  

That's definitely some progress, CDATA is in place. Now the &lt; in the JavaScript code should become < again. Why not to put the whole JavaScript code into another xsl:text tag with disable escaping? Well, that's why:

Example 4
  1. <script type="text/javascript">
  2. <xsl:text disable-output-escaping="yes">
  3. /* &lt;![CDATA[ */
  4. </xsl:text>
  5. <xsl:text disable-output-escaping="yes">
  6. <![CDATA[
  7. if (1 < 2) {}
  8. ]]>
  9. </xsl:text>
  10. <xsl:text disable-output-escaping="yes">
  11. /* ]]&gt; */
  12. </xsl:text>
  13. </script>
The above example will output:
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <body>
  4. <script type="text/javascript">
  5. /* <![CDATA[ */
  6.  
  7.  
  8. if (1 &lt; 2) {}
  9.  
  10.  
  11. /* ]]> */
  12. </script>
  13. </body>
  14. </html>
  15.  

Is it a dead end or maybe xsl:text element is not the best choice after all? It has to be something with disable-output-escaping attribute. Another such an element is xsl:value-of. Assuming that the JavaScript code exists only in the template and not in the processed XML structure, value-of needs an xsl:variable to read value from.

Example 5
  1. <xsl:variable name="s1">
  2. <![CDATA[
  3. if (1 < 2) {}
  4. ]]>
  5. </xsl:variable>
  6. <script type="text/javascript">
  7. <xsl:text disable-output-escaping="yes">
  8. /* &lt;![CDATA[ */
  9. </xsl:text>
  10. <xsl:value-of select="$s1" disable-output-escaping="yes"/>
  11. <xsl:text disable-output-escaping="yes">
  12. /* ]]&gt; */
  13. </xsl:text>
  14. </script>
The above example will output:
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <body>
  4. <script type="text/javascript">
  5. /* <![CDATA[ */
  6.  
  7. if (1 < 2) {}
  8.  
  9. /* ]]> */
  10. </script>
  11. </body>
  12. </html>
  13.  

And that worked! It is not very flexible solution, though. Defining variable for every JavaScript in the template seems to be acceptable only if necessary. Luckily xsl:value-of can also read value of a parameter passed to an xsl:template. That's how I got to the template you can find at the top of the page.

Thank you for reading. I hope you found it useful.

Update - 21.05.2010

At the beginning the template looked like this:

  1. <xsl:template name="javascript">
  2. <xsl:param name="code"/>
  3. <script type="text/javascript">
  4. <xsl:text disable-output-escaping="yes">
  5. /* &lt;![CDATA[ */ </xsl:text>
  6. <xsl:value-of select="$code" disable-output-escaping="yes"/>
  7. <xsl:text disable-output-escaping="yes">
  8. /* ]]&gt; */
  9. </xsl:text>
  10. </script>
  11. </xsl:template>

However it turned out that on some PHP installations XSLT adds CDATA inside <script> tag even if it's not specified in the <xsl:output>. Therefore <script> tag has to be generated as a text rather than being part of interpreted XML.

Jacek

3 comments:

  1. Hello,

    You can also have a look at my solution which work in all major browsers (IE, Firefox, Chrome, Opera):
    http://www.gabsoftware.com/tips/extending-xhtml-with-xml-xsl-transformations-entities-cdata-sections-javascript/

    ReplyDelete
  2. What if you need to use XSLT tags within the "code" param?

    For example:

    < xsl:call-template name="javascript" >
    < xsl:with-param name="code" >
    < ![CDATA[
    var x = < xsl:value-of select="$x"/ >
    var y = < xsl:value-of select="$y"/ >
    if (x > y) {}
    ]]>
    < /xsl:with-param >
    < /xsl:call-template >

    ReplyDelete
  3. Thank you so much for this! I've been fiddling with this issue all morning.

    ReplyDelete