Escape html characters

escape special characters in xml format

<
&
>
'
"

How to treat an XML file that uses html characters?

I need to shoot a userlist to my web application, and which means to invoke a web service on the authentication server.  I managed to do exactly that, but the XML file, that I give myself to face looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body><ns1:getAllUserInfoResponse soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="http://web.ws">
<getAllUserInfoReturn xsi:type="soapenc:string" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
&lt;?xml version = '1.0'?&gt;
&lt;USER&gt;
&lt;ROW num=&quot;1&quot;&gt;
&lt;USER_ID&gt;25214&lt;/USER_ID&gt;
&lt;LOGIN_ID&gt;JDOE&lt;/LOGIN_ID&gt;
&lt;NAME_LAST&gt;JOHN&lt;/NAME_LAST&gt;
&lt;NAME_FIRST&gt;DOE&lt;/NAME_FIRST&gt;
&lt;NAME_MI&gt;Q&lt;/NAME_MI&gt;
&lt;NAME_FI&gt;A&lt;/NAME_FI&gt;
&lt;EMAIL&gt;[email protected]&lt;/EMAIL&gt;
&lt;OFFICE_PHONE&gt;5551212&lt;/OFFICE_PHONE&gt;
&lt;OFFICE_STREET1&gt;123 Main Street&lt;/OFFICE_STREET1&gt;
&lt;/ROW&gt; &lt;/USER&gt; 
( etc )
</getAllUserInfoReturn>
</ns1:getAllUserInfoResponse>
</soapenv:Body>
</soapenv:Envelope> 

I need to loop over that and get usernames, ID, rights, etc., but with her looking like that, I have my work cut out for me (I think).  I don't know if there is an easy way to replace the entities in an XML file (the docs seem to be down), and if there is, I don't know about it.

Any ideas?

BreakawayPaul wrote:

I need to loop over that and get usernames, ID, rights, etc., but with her looking like that, I have my work cut out for me (I think).  I don't know if there is an easy way to replace the entities in an XML file

Assuming that you already have the XML file using something like , then the following single line of code is sufficient:

<,>"') (, false) >.

Note, however, that your XML file will then contain an error. The processing instruction.", occurs twice.

Tags HTML and code displayed on the page of the App.

I'm working on Apex 4.2 on a group calendar page pre-packaged application 1

I have modified this code in the area of legend on page 1 and then noticed that when I did the raw html code was posted on the page instead of the data parsed html (see image)

I do not see the HTML tags and the code on the page? However when I replaced the modified code with the original code (as shown in the picture which is the original code) I still see HTML tags?

How can I fix the code in the legend area so the HTML is parsed and the display on the screen does not include HTML tags and or code on the page?

Richie V wrote:

I'm working on Apex 4.2 on a group calendar page pre-packaged application 1

I have modified this code in the area of legend on page 1 and then noticed that when I did the raw html code was posted on the page instead of the data parsed html (see image)

I do not see the HTML tags and the code on the page? However when I replaced the modified code with the original code (as shown in the picture which is the original code) I still see HTML tags?

How can I fix the code in the legend area so the HTML is parsed and the display on the screen does not include HTML tags and or code on the page?

Make sure the column attribute to display as is defined on the column Standard report and not display text (escape special characters, does not save the State).

Addition of HTML in the field of data entry of Client Application

4.2 my users was previously able to enter standard html controls in a field that is displayed in a single application read for other users.

Title: < b > Welcome > < /b > enterd by user in the form and recorded in the database.  Then another application pulls from the database to display information only.

4.2 welcome not appear "BOLD", but with the html tags before and after the welcome.

Joined the 4.2

4.2 displayed

Entered in 4.1

Posted in 4.1

This user has used this application for many years and a lot of html embedded in its text.  I am hoping that there is a quick fix here.  Any help would be appreciated.

Thank you.

Joyce

Change the report columns display "Display (escape special characters) text" Type to "Standard report column.

You can do it, but you must be aware of the security implications that opens upwards (i.e. XSS attacks).

Why did this after unwanted characters... value of apex 4.2 in the column data when combi

zycoz100 wrote:
Suppose I store this value stored in the set 2 text element is the output I have especially when I use.

JOSE/AB

It gets converted to
"Jose & x2FAb #

Why the junk of character between the two instead of / it becomes covered at & #xsf:

This fname and lastname field is added with suite of dynamic event.
INITCAP(:p200_title) | » '|| INITCAP(:P200_XNAME) | » '|| INITCAP(:p200_surname)

But if the value like / is present, then it gets converted special characters

What is the work around that since I name as ' BICEPS/001 ' THAT UNLUCKLY GETS CONVERTED TO BICEPS & xsf:001 #

I use the apex of db 11g 4.2

4.2 there is a new security Mode of escape HTML attribute, which is by default the value 'Extended '. You can find it under change Application Properties > Security > browser security. The 'Basic' Setup may revert to the previous behavior. (This parameter may not be visible if change the properties of Application > properties > Compatibility Mode is not the value * 4.2.)

See also + {message identifier: = 10600041} +.

How to create checkbox with HTML in the labels?

Hello

Yes you can do it. You just need to set * "Escape special characters" = No * in the area of 'Security' of the page box point you. But please be aware that this change could make your application vulnerable to XSS attacks in the case if users are allowed to enter data into the table that is used to fill the entries in the box.

Concerning
Patrick
-----------
My Blog: http://www.inside-oracle-apex.com
APEX Plug-Ins: http://apex.oracle.com/plugins
Twitter: http://www.twitter.com/patrickwolf

Apex 4.2 - column HTML expression

  decode(some_col,NULL,NULL,'class="foo"') foo

 <img #FOO# src="/i/menu/add-small.png"/>

 <img class="foo" src="/i/menu/add-small.png"/>

 <img class=""foo"" src="/i/menu/add-small.png"/>

Hi Vikas,

can you please check what type of ' display under "your column"foo"is. Is - this "show as text (escape special characters, no State not sure)".

For security reasons (to avoid possible XSS attacks), need to improve automatic column values avoidance, if a column is used as the value of substitution (in expressions of HTML and other places). Type "display as" the substitute column defines if the value must be escaped before replacement or if it should be used without change. So in your case if you change your column "foo" to "* Standard report column *" you should get 'foo' without the quotes escaped. To my knowledge, this security change was introduced in APEX 4.1.

If I'm on the wrong track and it's not your symtom, can you please create a test on apex.oracle.com case.

Concerning
Patrick
-----------
My Blog: http://www.inside-oracle-apex.com
APEX Plug-Ins: http://apex.oracle.com/plugins
Twitter: http://www.twitter.com/patrickwolf

Help Popup not rendered HTML based on the referenced element.

Ah, now I understand!

So I think the problem is, when you click the label, he calls a procedure that returns the text of help via AJAX. In my view, this procedure escapes html tags, and from what I can tell, there is no setting to disable. :( Even if you load classic help, these tags are also escaped. There may be tweaks that I don't know, but I looked into the security of the shared components section, but nada.

So a possible solution?

If you look at the label, you'll see that it links to the following function:

function popupFieldHelp(b,a){
     if(!$x("pScreenReaderMode")){
          apex.jQuery.getJSON("wwv_flow_item_help.show_help?p_item_id="+b+"&p_session="+a+"&p_output_format=JSON",
          function(c){
               var d=apex.jQuery("#apex_popup_field_help");
               if(d.length===0){d=apex.jQuery('
'+c.helpText+"
");
                    d.dialog({title:c.title,bgiframe:true,width:500,height:350,show:"drop",hide:"drop"})
               }
               else{
                    d.html(c.helpText).dialog("option","title",c.title).dialog("open")
               }
          })
     }else{
               popupFieldHelpClassic(b,a)
     }
     return
}

A quick and dirty solution would be to replace the escape with their html tags characters so that it is rendered correctly

that is, add the following:

               c.helpText = c.helpText.replace(/</g, '<');
               c.helpText = c.helpText.replace(/>/g, '>');

-These forums are not keep what I write here, I'm sure you can understand what im speak well.

Of course, change the label template to point to your custom function.

The other solution I was going to suggest was to write your own application process that gets you some JSON - Martin D'Souza has written a blog on the use of the apex_util.json_from_sql; which is what you would probably use a query such as:

select label, item_help_text
from apex_application_page_items
where item_id = apex_application.g_x01

The problem is the text of the done element refers to another page, so it would return to the value chain e.g. & P12_ITEM. of course it wouldn't be to hard to get around.

for example, select replace (item_help_text, '&' | apex_application.g_x02 |'.) (', v (apex_application.g_x02)) item_help_text
of apex_application_page_items
where item_id = apex_application.g_x01

(not tested)

and then as a quick primer to a way of doing AJAX

1. create a htmldb_Get object: helpText var = new htmldb_Get (null, null, "APPLICATION_PROCESS = nom_processus");

Where nom_processus is the name of an application process that you create

2. Add the necessary parameters

helpText.addParam ("x 01', 'itemId')
helpText.addParam ("x 02', 'P12_ITEM')

This is to add temporary variables that can be reference via apex_application.g_f0x; the alternative is that you can add paremeters State session with

helpText.add ('nom_element', 'ITEM_VALUE') and get sent when you call the object's get() function.

3. get the JSON and parse
obj = JSON.parse (helpText.get ());

Then create the http://jqueryui.com/demos/dialog/ for the help dialog box

..

Well I hope that gives you some ideas / a starting point.

HTML tags in a text form field...

Read the section of the documentation on the Protection of Cross-Site Scripting (XSS).

If you are happy that data containing HTML that you want to expose with no risk, then in view of the Security value escape special characters notsection element.

Apex 4.0 based Collection rendered html page

SELECT rownum,
     apex_item.text( 1, c001, 3, 3),
     apex_item.text( 2, c002, 3, 3),
     apex_item.text( 3, c003, 3, 3),
     apex_item.text( 4, c004, 3, 3),
     apex_item.text( 5, c005, 4, 4),
     apex_item.text( 6, c006, 4, 4),
     apex_item.text( 7, c007, 3, 3),
     apex_item.text( 8, c008, 4, 4),
     apex_item.text( 9, c009, 4, 4),
     apex_item.text(10, c010, 3, 3),
     apex_item.text(11, c011, 4, 4),
     apex_item.text(12, c012, 4, 4)
FROM APEX_COLLECTIONS
WHERE COLLECTION_NAME = 'COUNTS'
;

<input type="text" name="f01" size="3" maxlength="3" value="1" /> <input type="text" name="f02" size="3" maxlength="3" value="5" />

Hi Marc,

You can have columns for your items of text set to escape special characters. Set the display as each of your text to report Standard columnobjects.

Hope this helps,
John

If you find this information useful, please do not forget to mark the 'useful' or 'correct' post so that others benefit as well.