Oracle Workflow API Reference Release 2.6.3.5 Part Number B12163-02
function SubstituteSpecialChars
(some_text in varchar2)
return varchar2;
Pragmas
pragma RESTRICT_REFERENCES(SubstituteSpecialChars, WNDS);
Description
Substitutes HTML character entity references for special characters in a text string and returns the modified text including the substitutions.
You can use this function as a security precaution when creating a PL/SQL document or a PL/SQL CLOB document that contains HTML, to ensure that only the HTML code you intend to include is executed. If you retrieve any data from the database at runtime for inclusion in the document, use SubstituteSpecialChars() to replace any HTML tag characters in that data, so that those characters will not be interpreted as HTML code and executed.
Note that you should not substitute entity references for HTML tags that you include in the document yourself. Otherwise, the document will not be displayed with your intended HTML formatting. You only need to perform this substitution for data that is retrieved from the database at runtime, which may be entered from an external source.
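How the two paragraphs above apply inside a PL/SQL document procedure, as an added example that is not part of the Oracle reference. The procedure name `xx_expense_note_doc` and the table `xx_expense_notes` are hypothetical; the `wf_notification` package qualifier and its `doc_html` / `doc_text` constants do not appear on this page and are assumed here.

```plsql
-- Added example. xx_expense_note_doc and xx_expense_notes are hypothetical
-- names constructed for illustration; the wf_notification qualifier is assumed.
create or replace procedure xx_expense_note_doc (
  document_id   in     varchar2,
  display_type  in     varchar2,
  document      in out varchar2,
  document_type in out varchar2
) is
  l_note varchar2(2000);
begin
  -- Runtime data from the database: it may have been entered from an
  -- external source, so it is treated as untrusted text.
  begin
    select note_text
      into l_note
      from xx_expense_notes
     where note_id = to_number(document_id);
  exception
    when no_data_found then
      l_note := null;
  end;

  if display_type = wf_notification.doc_html then
    -- The <p> and <b> tags are markup we intend to include, so they are
    -- left alone. Only the retrieved value passes through the function,
    -- so any tag characters in it are displayed rather than interpreted.
    document := '<p><b>Submitter note:</b> '
             || wf_notification.SubstituteSpecialChars(l_note)
             || '</p>';
    document_type := wf_notification.doc_html;
  else
    -- Plain-text display is not interpreted as HTML, so the value is
    -- returned without substitution.
    document := 'Submitter note: ' || l_note;
    document_type := wf_notification.doc_text;
  end if;
end xx_expense_note_doc;
/
```

Passing the whole assembled string through the function instead would also escape the `<p>` and `<b>` tags, which is the formatting loss the note above describes.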
The following table shows each special character and the entity reference with which it is replaced.
Character | Entity Reference |
---|---|
< | `&lt;` |
> | `&gt;` |
\ | `&#92;` |
& | `&amp;` |
" | `&quot;` |
' | `&#39;` |

Arguments (input)
some_text | The text string in which you want to replace special characters. |