aspose file tools*
The moose likes XML and Related Technologies and the fly likes url encryption call from hidden parameter in xsl not working Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Engineering » XML and Related Technologies
Bookmark "url encryption call from hidden parameter in xsl not working" Watch "url encryption call from hidden parameter in xsl not working" New topic
Author

url encryption call from hidden parameter in xsl not working

Michele Smith
Ranch Hand

Joined: Oct 27, 2010
Posts: 421
Hello, I have an xsl stylesheet which is creating a querystring on another page. The problem is I cannot encrypt the hidden parameter on the querystring, /this despite 100s of hours testing and other activity.

Here is a little snippet, it is utilizing the esapi-2.-0.1.jar from maven.

If anything jumps out, please lemme know,

Thanks,

<tr height="5%" border="0" valign="top">
<TD height="1000px" width="20%"/>
<TD align="leftmargin" valign="bottom">
<IMG>
<xsl:attribute name="src">
<xsl:value-of select="$image-root"/>standardArrow2.gif</xsl:attribute>
</IMG>
<A class="sharingHomeText" target="_blank">
<xsl:attribute name="href">/xsl/testpage4.jsp?&userId=<xsl:value-of select="Esapi:encryptHiddenField(FinanceReports/state/userid)"/>&homeid=<xsl:value-of select="FinanceReports/state/homeid"/>&parentId=<xsl:value-of select="FinanceReports/state/parentid"/>&mode=<xsl:value-of select="FinanceReports/state/mode"/></xsl:attribute>
Test Page for Various URL Encryption (Any)</A>
</TD>
</tr>
g tsuji
Ranch Hand

Joined: Jan 18, 2011
Posts: 547
    
    3
[1] The ampersand & should be escaped to &amp;.
[2] The first field userId should not be started with an ampersand.
[3] Instead of making xsl:attribute, A and IMG of mixed content type, you could make good use of concat() function and xsl:text element to make their semantic construction clearer, as far as I am concerned. But, if you like you can do it your way.

ps: &_amp; above should be read without the underscore '_'. The forum cannot render that literal properly!
pps: The TR and TD's attributes like height, width, vlign etc should be kept as what op has posted. The forum eliminates some of them automatically in the code block: that is against my intention.
Michele Smith
Ranch Hand

Joined: Oct 27, 2010
Posts: 421
THANK YOU!!!

I think you helped me tremendously, however, I just have one issue:

root cause

java.lang.NullPointerException
org.apache.xalan.transformer.TransformerImpl.setParameter(TransformerImpl.java:1558)
org.apache.xalan.transformer.TransformerImpl.setParameter(TransformerImpl.java:1606)

I have an old .jar file for xalan.

Any ideas on this one?

Thanks,
Michele
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18987
    
    8

g tsuji wrote:ps: &_amp; above should be read without the underscore '_'. The forum cannot render that literal properly!


Sure it can, you just have to escape it correctly. The forum uses the normal HTML rules.

So if you want an ampersand by itself, you have to escape it like this: "&amp;"

And if you want to tell somebody how to do that escaping, you have to escape it twice, like this: "&amp;amp;"

(Although perhaps it works differently inside the code tags?)

And also, there's the "Preview" button which is very handy for making sure you escape things the right number of times.
Michele Smith
Ranch Hand

Joined: Oct 27, 2010
Posts: 421
I tried to do it but it keeps sayiing xpath is invalid. I feel like I am really close, but don't know what to do:

g tsuji
Ranch Hand

Joined: Jan 18, 2011
Posts: 547
    
    3
What are you trying to put with two ? in the uri. You can have one question mark signifying you are meant to script afterward components of field/value pairs. If question marks happen to be inside the querystring, you have to escape it with say %3F. Also again why ampersand is still like that?
g tsuji
Ranch Hand

Joined: Jan 18, 2011
Posts: 547
    
    3
If ampersand need double escape inside the code block, that means the plug-in for the code block is wrongly conceived or is out-dated. If a person who programs cannot use copy-and-paste to post codes into the code block without further editing, the code block plug-in is wrong. People who manages the forum will do a real service to members if they rectify that short-coming rather than explain it away. That is my opinion.
Michele Smith
Ranch Hand

Joined: Oct 27, 2010
Posts: 421
I am not an xml expert. I apologize to you and to the forum for this. I am merely trying to implement this solution and I am afraid that I have exhausted the resources of the dev-esapi forums. I sincerely appreciate your comments and will try to rectify my code over the weekend. Thank you for your help, I read my log on JBoss and I can tell that because of what you have done by helping me that I am very close to having this resolved.

I will post something later on this weekend by Sunday at midnite.

Best Regards,
Michele
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: url encryption call from hidden parameter in xsl not working