
Oracle Workflow API Reference
Release 2.6.3.5

Part Number B12163-02

SubstituteSpecialChars

PL/SQL Syntax

function SubstituteSpecialChars
     (some_text in varchar2)
return varchar2;

Pragmas

pragma RESTRICT_REFERENCES(SubstituteSpecialChars, WNDS);

Description

Substitutes HTML character entity references for special characters in a text string and returns the modified text including the substitutions.

You can use this function as a security precaution when creating a PL/SQL document or a PL/SQL CLOB document that contains HTML, to ensure that only the HTML code you intend to include is executed. If you retrieve any data from the database at runtime for inclusion in the document, use SubstituteSpecialChars() to replace any HTML tag characters in that data, so that those characters will not be interpreted as HTML code and executed.

Note that you should not substitute entity references for HTML tags that you include in the document yourself. Otherwise, the document will not be displayed with your intended HTML formatting. You only need to perform this substitution for data that is retrieved from the database at runtime, which may be entered from an external source.

The following table shows each special character and the entity reference with which it is replaced.

Character    Entity Reference
<            &lt;
>            &gt;
\            &#92;
&            &amp;
"            &quot;
'            &#39;

Arguments (input)

some_text    The text string in which you want to replace special characters.
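
The following added example (not part of the Oracle documentation) builds an HTML document in which only the value retrieved at runtime is passed through the substitution, while the tags written by the developer are left intact. It assumes the function is called as WF_NOTIFICATION.SubstituteSpecialChars, since this section does not name the package; build_note_doc and fetch_note are hypothetical names, and the note text is constructed sample data.

```plsql
-- Added example; not code from the Oracle Workflow documentation.
-- Assumptions: the function is reached as WF_NOTIFICATION.SubstituteSpecialChars;
-- build_note_doc and fetch_note are hypothetical names.
set serveroutput on

declare
  l_document      varchar2(32000);
  l_document_type varchar2(30);

  -- Stands in for a runtime query. The returned value is constructed sample
  -- data of the kind an external source could have stored in the database.
  function fetch_note (p_document_id in varchar2) return varchar2 is
  begin
    return '<script>alert(1)</script> R&D said "ok"';
  end fetch_note;

  -- Parameter list modeled on a PL/SQL document procedure.
  procedure build_note_doc
    (document_id   in     varchar2,
     display_type  in     varchar2,
     document      in out varchar2,
     document_type in out varchar2)
  is
    l_note varchar2(2000) := fetch_note(document_id);
  begin
    if display_type = 'text/html' then
      document_type := 'text/html';
      -- Tags written here are intended markup and stay as they are;
      -- only the retrieved value is passed through the substitution.
      document := '<p><b>Requester note:</b> '
               || wf_notification.SubstituteSpecialChars(l_note)
               || '</p>';
    else
      -- Plain text is not parsed as HTML, so the value is left unchanged.
      document_type := 'text/plain';
      document := 'Requester note: ' || l_note;
    end if;
  end build_note_doc;
begin
  build_note_doc('42', 'text/html', l_document, l_document_type);
  dbms_output.put_line(l_document);
end;
/
```

Wrapping the whole concatenated string in the function instead would also convert the developer's own <p> and <b> tags, which is the case the description warns against.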


Copyright © 2003, 2004, Oracle. All rights reserved.