encoding using UTL_I18N.ESCAPE_REFERENCE

975831 Nov 23 2012 — edited Nov 26 2012
Hi All,

I am facing a problem with UTL_I18N.ESCAPE_REFERENCE.
In my project, to protect against XML injection, the data entered by the user is encoded and passed to the database.

For any special characters received as input, the application encodes the data, e.g.:

user enters    encoded
<              '&#x3c;'
>              '&#x3e;'

And so on.

I can use the UTL_I18N.UNESCAPE_REFERENCE function and get the exact string entered by user.

Select UTL_I18N.UNESCAPE_REFERENCE('<>') x from dual;

Output
x
------
<>

But when I use the UTL_I18N.ESCAPE_REFERENCE function to encode the above output, it gives me some other string.

Select UTL_I18N.ESCAPE_REFERENCE('<>') x from dual;

Output
x
------------
&lt;&gt;

Can someone please help me get the string encoded back to the original, i.e. '<>'?

My finding on this has been that the characters are encoded as entities, but what I am looking for is probably the hex rendering of it. Please refer to the link below:

http://www.htmlhelp.com/reference/html40/entities/special.html


I observe that the site is protecting against XML injection, as it is converting some text, so the post might not look correct. ESCAPE_REFERENCE returns the values in the entity column, but I expect the value in the hex column (please refer to the link).



Thanks in advance
Rahul.

Edited by: user11209150 on Nov 22, 2012 10:33 PM
Post Details
Locked on Dec 24 2012
Added on Nov 23 2012
1 comment
785 views
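
One way to produce the hex form the post asks for, as an added example that is not part of the original post and not Oracle-supplied code: a PL/SQL function, hypothetically named escape_hex_reference, that rewrites the XML special characters as hexadecimal numeric character references. It assumes only the five characters listed in the code need escaping and that the result fits in a VARCHAR2.

```sql
-- Added example; escape_hex_reference is a hypothetical name, not an Oracle built-in.
-- Stop SQL Developer / SQL*Plus from treating '&' in this script as a
-- substitution variable prefix.
SET DEFINE OFF

-- Rewrites < > & " ' as hexadecimal numeric character references
-- (the &#x3c; style) rather than the named entities (the &lt; style)
-- that the post shows UTL_I18N.ESCAPE_REFERENCE returning.
CREATE OR REPLACE FUNCTION escape_hex_reference (p_str IN VARCHAR2)
  RETURN VARCHAR2
  DETERMINISTIC
IS
  l_out VARCHAR2(32767);
  l_ch  VARCHAR2(1 CHAR);
BEGIN
  -- NVL covers NULL / empty input, where LENGTH returns NULL.
  FOR i IN 1 .. NVL(LENGTH(p_str), 0) LOOP
    l_ch := SUBSTR(p_str, i, 1);
    IF l_ch IN ('<', '>', '&', '"', '''') THEN
      -- 'fmxx' renders the character code as lowercase hex without padding.
      l_out := l_out || '&#x' || TO_CHAR(ASCII(l_ch), 'fmxx') || ';';
    ELSE
      l_out := l_out || l_ch;
    END IF;
  END LOOP;
  RETURN l_out;
END escape_hex_reference;
/

-- Constructed sample input: escape it, then decode it again with the
-- built-in UTL_I18N.UNESCAPE_REFERENCE to check the round trip.
SELECT escape_hex_reference('<a href="x">')                             AS escaped,
       UTL_I18N.UNESCAPE_REFERENCE(escape_hex_reference('<a href="x">')) AS round_trip
FROM   dual;
```

Because '&' itself is escaped, calling the function on already-escaped text encodes it a second time, so apply it once to the raw value.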