Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > XML > XSLT
Password Reminder
Register
Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
XSLT General questions and answers about XSLT. For issues strictly specific to the book XSLT 1.1 Programmers Reference, please post to that forum instead.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the XSLT section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developersí questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Display Modes
  #1 (permalink)  
Old April 3rd, 2012, 11:36 AM
Authorized User
Points: 138, Level: 2
Points: 138, Level: 2 Points: 138, Level: 2 Points: 138, Level: 2
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: May 2009
Posts: 32
Thanks: 0
Thanked 0 Times in 0 Posts
Default Masking Data inside CData

Hi Folks,
I am looking for a solution as to how I can mask some data that is part of a CDATA element.

My currently implemented xslt-1 script works fine when my xml element/attribute is not placed inside cdata, for example, in the following xml snippet, I masked <CreditCardNumber> element's data:

Input XML:

Code:
<?xml version="1.0" encoding="UTF-8"?>
<fareRequest da="true">
<vcrs>
  <vcr>U2</vcr>
</vcrs>
<fareTypes/>
<tourOps/>
<flights>
  <flight depApt="SXF" depDate="2012-04-19" dstApt="BUD"/>
  <flight depApt="BUD" depDate="2012-04-25" dstApt="SXF"/>
</flights>
<CreditCardNumber>123456123</CreditCardNumber>
<limit>20</limit>
<offset>0</offset>
<waitOnList>
  <waitOn>ALL</waitOn>
</waitOnList>
<coses/>
</fareRequest>
XSLT-1 Script:

Code:
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.2" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:ota="http://www.opentravel.org/OTA/2003/05" xmlns:anyway="http://anyway.com/webservices/" xmlns:k="http://webservices.kuoni.ch" xmlns:xft="http://www.exchangefortravel.org/xft/current" xmlns:tu="http://tempuri.org/" xmlns:jet2="http://Jet2.Com/External/2009/01/V4">
<xsl:output encoding="UTF-8" version="1.0" method="xml" indent="yes" cdata-section-elements="anyway:request k:request k:ForwardRequestResult xft:NameText xft:Description xft:URL xft:From xft:To xft:Code tu:XRq tu:ProcessTransactionXFTUResult libelle nom prenom adresse1 ville pays email"/>
<xsl:strip-space elements="*"/>
<!--add coma separated element names without namespace prefix to be masked, dont remove first coma! -->
<xsl:param name="names">!,Number,CCV,cc_number,cc_cvv,AccountNumber,CardSecurityCode,card_number,options,CreditCardNumber,CardNumber,IssueNumber,SecurityCode,</xsl:param>
<xsl:template match="/">
  <xsl:apply-templates select="node()"/>
</xsl:template>
<xsl:template match="@*">
  <xsl:variable name="attr-name" select="concat(',' , local-name() , ',')"/>
  <xsl:attribute name="{name()}" namespace="{namespace-uri()}">
   <xsl:choose>
    <xsl:when test="string-length(substring-before($names, $attr-name)) > 0">
     <xsl:call-template name="mask"/>
    </xsl:when>
    <xsl:otherwise>
     <xsl:value-of select="."/>
    </xsl:otherwise>
   </xsl:choose>
  </xsl:attribute>
</xsl:template>
<xsl:template match="text()">
  <xsl:copy/>
</xsl:template>
<xsl:template match="*">
  <xsl:variable name="el-name" select="concat(',' , local-name(), ',')"/>
  <xsl:choose>
   <xsl:when test="string-length(substring-before($names, $el-name)) > 0">
    <xsl:element name="{name()}" namespace="{namespace-uri()}">
     <xsl:call-template name="mask"/>
    </xsl:element>
    <xsl:apply-templates select="@*"/>
    <xsl:apply-templates select="*"/>
   </xsl:when>
   <xsl:otherwise>
    <xsl:element name="{name()}" namespace="{namespace-uri()}">
     <xsl:apply-templates select="@*"/>
     <xsl:apply-templates/>
    </xsl:element>
   </xsl:otherwise>
  </xsl:choose>
</xsl:template>
<xsl:template name="index-of">
  <xsl:param name="param1"/>
  <xsl:param name="param2"/>
  <xsl:value-of select="string-length(substring-before(concat(' ' ,$param1), $param2))"/>
</xsl:template>
<xsl:template name="mask">
  <xsl:variable name="length" select="string-length(.)"/>
  <xsl:choose>
   <xsl:when test="$length > 3">
    <xsl:value-of select="concat ('************', substring(.,$length - 1, 2))"/>
   </xsl:when>
   <xsl:when test="$length > 1">***</xsl:when>
   <xsl:otherwise/>
  </xsl:choose>
</xsl:template>
</xsl:stylesheet>
Output XML:

Code:
<?xml version="1.0" encoding="UTF-8"?>
<fareRequest da="true">
<vcrs>
  <vcr>U2</vcr>
</vcrs>
<fareTypes/>
<tourOps/>
<flights>
  <flight depApt="SXF" depDate="2012-04-19" dstApt="BUD"/>
  <flight depApt="BUD" depDate="2012-04-25" dstApt="SXF"/>
</flights>
<CreditCardNumber>************23</CreditCardNumber>
<limit>20</limit>
<offset>0</offset>
<waitOnList>
  <waitOn>ALL</waitOn>
</waitOnList>
<coses/>
</fareRequest>
In the above example <CreditCardNumber>************23</CreditCardNumber> is masked properly.

But when in my XML, I have the following scenario:

Code:
<?xml version="1.0" encoding="UTF-8"?>
<fareRequest da="true">
<vcrs>
  <vcr>U2</vcr>
</vcrs>
<fareTypes/>
<tourOps/>
<flights>
  <flight depApt="SXF" depDate="2012-04-19" dstApt="BUD"/>
  <flight depApt="BUD" depDate="2012-04-25" dstApt="SXF"/>
</flights>
<![CDATA[<CreditCardNumber>123456123</CreditCardNumber>]]>
<limit>20</limit>
<offset>0</offset>
<waitOnList>
  <waitOn>ALL</waitOn>
</waitOnList>
<coses/>
</fareRequest>
That is <CreditCardNumber> inside CDATA, the script does not mask the data. Or in other words, everything that is contained inside CDATA, is ignored because it is not considered as an element or attribute by the xslt processor.

Could somebody help me out in fixing this problem?

Please note that my script is in XSLT 1.

Thanks.
Reply With Quote
  #2 (permalink)  
Old April 3rd, 2012, 11:50 AM
mhkay's Avatar
Wrox Author
Points: 17,773, Level: 58
Points: 17,773, Level: 58 Points: 17,773, Level: 58 Points: 17,773, Level: 58
Activity: 8%
Activity: 8% Activity: 8% Activity: 8%
 
Join Date: Apr 2004
Location: Reading, Berks, United Kingdom.
Posts: 4,839
Thanks: 0
Thanked 267 Times in 262 Posts
Default

The only clean fix is to remove the CDATA section. CDATA says "the stuff in here is pure text, it does not contain markup". If it does contain markup, don't put it in CDATA.

If you can't fix the XML at source, then preprocess it to get rid of the CDATA that should never have been there in the first place. I would even contemplate doing this with a non-XML tool such as sed/awk.
__________________
Michael Kay
http://www.saxonica.com/
Author, XSLT 2.0 and XPath 2.0 Programmer\'s Reference
Reply With Quote
  #3 (permalink)  
Old April 3rd, 2012, 12:02 PM
Authorized User
Points: 138, Level: 2
Points: 138, Level: 2 Points: 138, Level: 2 Points: 138, Level: 2
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: May 2009
Posts: 32
Thanks: 0
Thanked 0 Times in 0 Posts
Default

the problem is that I cannot change the xml, we have to send it as it is to the client.

It is our internal reqirement that we log every request that is being sent out of our system, but incase, there is CC or any such information in the request xml, we're not supposed to store it, rather mask it first and then store.
Reply With Quote
  #4 (permalink)  
Old April 3rd, 2012, 12:05 PM
Authorized User
Points: 138, Level: 2
Points: 138, Level: 2 Points: 138, Level: 2 Points: 138, Level: 2
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: May 2009
Posts: 32
Thanks: 0
Thanked 0 Times in 0 Posts
Default

secondly, we could have different types of xml containing maskable data and I need one point of entry for all those requests to be masked before being logged.

A request based solution would be difficult to maintain.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to parse the html contents inside a CDATA elements vijaychhipa XSLT 3 September 23rd, 2011 06:01 AM
Reading XML data with CDATA in it. codehelp C# 2008 aka C# 3.0 1 September 3rd, 2009 08:11 AM
Render HTML inside CDATA with XSL c2c XSLT 0 September 10th, 2006 11:10 AM
Masking jmss66 Classic ASP Basics 2 September 9th, 2003 03:40 PM



All times are GMT -4. The time now is 01:58 PM.


Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.