From a44739109bb494a3fd60b2039f584da19ebca541 Mon Sep 17 00:00:00 2001 From: Andrew Cornford Date: Thu, 1 Apr 2021 12:35:56 +0100 Subject: [PATCH 1/2] Fix form not populated with XML if minOccurs=0 --- js/html-populators.xsl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/js/html-populators.xsl b/js/html-populators.xsl index f02409e..334e3c6 100644 --- a/js/html-populators.xsl +++ b/js/html-populators.xsl @@ -36,7 +36,7 @@ //check for input elements existing to handle empty elements && o.previousElementSibling.previousElementSibling.querySelector("input, textarea, select") //check if element has been populated with data from an xml document - && !o.previousElementSibling.previousElementSibling.querySelector("input, textarea, select").hasAttribute("data-xsd2html2xml-filled")) { + && Array.from(o.previousElementSibling.previousElementSibling.querySelectorAll("input, textarea, select")).filter(function(el) {return el.hasAttribute("data-xsd2html2xml-filled")}).length == 0) { clickRemoveButton( o.parentElement.children[0].querySelector("legend > button.remove, span > button.remove") ); From 3f0d3ce393b4ea19d12c9e1ec3b1870a71d2ea31 Mon Sep 17 00:00:00 2001 From: Andrew Cornford Date: Thu, 1 Apr 2021 13:50:09 +0100 Subject: [PATCH 2/2] Attribute and element values are now escaped (&, <, >, ") for default types (not date related, file, checkbox or range) --- handlers/default-types.xsl | 2 +- js/xml-generators.xsl | 18 +++++++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/handlers/default-types.xsl b/handlers/default-types.xsl index f288e87..60b7be0 100644 --- a/handlers/default-types.xsl +++ b/handlers/default-types.xsl @@ -86,7 +86,7 @@ this.setAttribute("value", "prefix".concat(this.value).concat("abbreviation")); this.previousElementSibling.textContent = this.value; - if (this.value) { this.setAttribute("value", this.value.replace(/\s/g, " ").replace(/\s+/g, " ").trim()); } else { this.removeAttribute("value"); }; + if (this.value) { this.setAttribute("value", escapeContent(this.value).replace(/\s/g, " ").replace(/\s+/g, " ").trim()); } else { this.removeAttribute("value"); }; diff --git a/js/xml-generators.xsl b/js/xml-generators.xsl index e741f16..1a152fc 100644 --- a/js/xml-generators.xsl +++ b/js/xml-generators.xsl @@ -116,7 +116,7 @@ case "gyearmonth": return node.getElementsByTagName("input")[0].getAttribute("value"); default: - return node.getElementsByTagName("input")[0].value; + return escapeContent(node.getElementsByTagName("input")[0].value); } } } else if (node.getElementsByTagName("select").length != 0) { @@ -132,6 +132,22 @@ } else if (node.getElementsByTagName("textarea").length != 0) { return node.getElementsByTagName("textarea")[0].value; } + }; + + var characterToXmlSafe = { + "<": "&lt;", + ">": "&gt;", + "&": "&amp;", + "\"": "&quot;", + "'": "&apos;" /* This doesn't seem to work, so turned off in escapeContent function */ + }; + + var escapeContent = function(content) + { + return content.replace(/[<>&"]/g, function(character) + { + return characterToXmlSafe[character]; + }); }