Wrox Programmer Forums
Go Back   Wrox Programmer Forums > XML > XSLT
| Search | Today's Posts | Mark Forums Read
XSLT General questions and answers about XSLT. For issues strictly specific to the book XSLT 1.1 Programmers Reference, please post to that forum instead.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the XSLT section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
  #1 (permalink)  
Old April 3rd, 2012, 11:36 AM
Authorized User
Points: 138, Level: 2
Points: 138, Level: 2 Points: 138, Level: 2 Points: 138, Level: 2
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: May 2009
Posts: 32
Thanks: 0
Thanked 0 Times in 0 Posts
Default Masking Data inside CData

Hi Folks,
I am looking for a solution as to how I can mask some data that is part of a CDATA element.

My currently implemented xslt-1 script works fine when my xml element/attribute is not placed inside cdata, for example, in the following xml snippet, I masked <CreditCardNumber> element's data:

Input XML:

Code:
<?xml version="1.0" encoding="UTF-8"?>
<fareRequest da="true">
<vcrs>
  <vcr>U2</vcr>
</vcrs>
<fareTypes/>
<tourOps/>
<flights>
  <flight depApt="SXF" depDate="2012-04-19" dstApt="BUD"/>
  <flight depApt="BUD" depDate="2012-04-25" dstApt="SXF"/>
</flights>
<CreditCardNumber>123456123</CreditCardNumber>
<limit>20</limit>
<offset>0</offset>
<waitOnList>
  <waitOn>ALL</waitOn>
</waitOnList>
<coses/>
</fareRequest>
XSLT-1 Script:

Code:
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.2" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:ota="http://www.opentravel.org/OTA/2003/05" xmlns:anyway="http://anyway.com/webservices/" xmlns:k="http://webservices.kuoni.ch" xmlns:xft="http://www.exchangefortravel.org/xft/current" xmlns:tu="http://tempuri.org/" xmlns:jet2="http://Jet2.Com/External/2009/01/V4">
<xsl:output encoding="UTF-8" version="1.0" method="xml" indent="yes" cdata-section-elements="anyway:request k:request k:ForwardRequestResult xft:NameText xft:Description xft:URL xft:From xft:To xft:Code tu:XRq tu:ProcessTransactionXFTUResult libelle nom prenom adresse1 ville pays email"/>
<xsl:strip-space elements="*"/>
<!--add coma separated element names without namespace prefix to be masked, dont remove first coma! -->
<xsl:param name="names">!,Number,CCV,cc_number,cc_cvv,AccountNumber,CardSecurityCode,card_number,options,CreditCardNumber,CardNumber,IssueNumber,SecurityCode,</xsl:param>
<xsl:template match="/">
  <xsl:apply-templates select="node()"/>
</xsl:template>
<xsl:template match="@*">
  <xsl:variable name="attr-name" select="concat(',' , local-name() , ',')"/>
  <xsl:attribute name="{name()}" namespace="{namespace-uri()}">
   <xsl:choose>
    <xsl:when test="string-length(substring-before($names, $attr-name)) > 0">
     <xsl:call-template name="mask"/>
    </xsl:when>
    <xsl:otherwise>
     <xsl:value-of select="."/>
    </xsl:otherwise>
   </xsl:choose>
  </xsl:attribute>
</xsl:template>
<xsl:template match="text()">
  <xsl:copy/>
</xsl:template>
<xsl:template match="*">
  <xsl:variable name="el-name" select="concat(',' , local-name(), ',')"/>
  <xsl:choose>
   <xsl:when test="string-length(substring-before($names, $el-name)) > 0">
    <xsl:element name="{name()}" namespace="{namespace-uri()}">
     <xsl:call-template name="mask"/>
    </xsl:element>
    <xsl:apply-templates select="@*"/>
    <xsl:apply-templates select="*"/>
   </xsl:when>
   <xsl:otherwise>
    <xsl:element name="{name()}" namespace="{namespace-uri()}">
     <xsl:apply-templates select="@*"/>
     <xsl:apply-templates/>
    </xsl:element>
   </xsl:otherwise>
  </xsl:choose>
</xsl:template>
<xsl:template name="index-of">
  <xsl:param name="param1"/>
  <xsl:param name="param2"/>
  <xsl:value-of select="string-length(substring-before(concat(' ' ,$param1), $param2))"/>
</xsl:template>
<xsl:template name="mask">
  <xsl:variable name="length" select="string-length(.)"/>
  <xsl:choose>
   <xsl:when test="$length > 3">
    <xsl:value-of select="concat ('************', substring(.,$length - 1, 2))"/>
   </xsl:when>
   <xsl:when test="$length > 1">***</xsl:when>
   <xsl:otherwise/>
  </xsl:choose>
</xsl:template>
</xsl:stylesheet>
Output XML:

Code:
<?xml version="1.0" encoding="UTF-8"?>
<fareRequest da="true">
<vcrs>
  <vcr>U2</vcr>
</vcrs>
<fareTypes/>
<tourOps/>
<flights>
  <flight depApt="SXF" depDate="2012-04-19" dstApt="BUD"/>
  <flight depApt="BUD" depDate="2012-04-25" dstApt="SXF"/>
</flights>
<CreditCardNumber>************23</CreditCardNumber>
<limit>20</limit>
<offset>0</offset>
<waitOnList>
  <waitOn>ALL</waitOn>
</waitOnList>
<coses/>
</fareRequest>
In the above example <CreditCardNumber>************23</CreditCardNumber> is masked properly.

But when in my XML, I have the following scenario:

Code:
<?xml version="1.0" encoding="UTF-8"?>
<fareRequest da="true">
<vcrs>
  <vcr>U2</vcr>
</vcrs>
<fareTypes/>
<tourOps/>
<flights>
  <flight depApt="SXF" depDate="2012-04-19" dstApt="BUD"/>
  <flight depApt="BUD" depDate="2012-04-25" dstApt="SXF"/>
</flights>
<![CDATA[<CreditCardNumber>123456123</CreditCardNumber>]]>
<limit>20</limit>
<offset>0</offset>
<waitOnList>
  <waitOn>ALL</waitOn>
</waitOnList>
<coses/>
</fareRequest>
That is <CreditCardNumber> inside CDATA, the script does not mask the data. Or in other words, everything that is contained inside CDATA, is ignored because it is not considered as an element or attribute by the xslt processor.

Could somebody help me out in fixing this problem?

Please note that my script is in XSLT 1.

Thanks.
  #2 (permalink)  
Old April 3rd, 2012, 11:50 AM
mhkay's Avatar
Wrox Author
Points: 18,487, Level: 59
Points: 18,487, Level: 59 Points: 18,487, Level: 59 Points: 18,487, Level: 59
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Apr 2004
Location: Reading, Berks, United Kingdom.
Posts: 4,962
Thanks: 0
Thanked 292 Times in 287 Posts
Default

The only clean fix is to remove the CDATA section. CDATA says "the stuff in here is pure text, it does not contain markup". If it does contain markup, don't put it in CDATA.

If you can't fix the XML at source, then preprocess it to get rid of the CDATA that should never have been there in the first place. I would even contemplate doing this with a non-XML tool such as sed/awk.
__________________
Michael Kay
http://www.saxonica.com/
Author, XSLT 2.0 and XPath 2.0 Programmer\'s Reference
  #3 (permalink)  
Old April 3rd, 2012, 12:02 PM
Authorized User
Points: 138, Level: 2
Points: 138, Level: 2 Points: 138, Level: 2 Points: 138, Level: 2
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: May 2009
Posts: 32
Thanks: 0
Thanked 0 Times in 0 Posts
Default

the problem is that I cannot change the xml, we have to send it as it is to the client.

It is our internal reqirement that we log every request that is being sent out of our system, but incase, there is CC or any such information in the request xml, we're not supposed to store it, rather mask it first and then store.
  #4 (permalink)  
Old April 3rd, 2012, 12:05 PM
Authorized User
Points: 138, Level: 2
Points: 138, Level: 2 Points: 138, Level: 2 Points: 138, Level: 2
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: May 2009
Posts: 32
Thanks: 0
Thanked 0 Times in 0 Posts
Default

secondly, we could have different types of xml containing maskable data and I need one point of entry for all those requests to be masked before being logged.

A request based solution would be difficult to maintain.


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to parse the html contents inside a CDATA elements vijaychhipa XSLT 3 September 23rd, 2011 06:01 AM
Reading XML data with CDATA in it. codehelp C# 2008 aka C# 3.0 1 September 3rd, 2009 08:11 AM
Render HTML inside CDATA with XSL c2c XSLT 0 September 10th, 2006 11:10 AM
Masking jmss66 Classic ASP Basics 2 September 9th, 2003 03:40 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.