<% 'initialize and set vars. collect safe query string parameters and Encode them just to be even safer dim varmonthNum If isEmpty(Request.QueryString("month")) Then varmonthNum = "all" Else varmonthNum = Request.QueryString("month") End If varmonthNum = Server.HTMLEncode(varmonthNum) dim varmonth If isEmpty(Request.QueryString("month")) Then varmonth = "all" Else varmonth = Request.QueryString("month") End If varmonth = Server.HTMLEncode(monthDictionary.Item(varmonth)) dim varstateNum If isEmpty(Request.QueryString("state")) Then varstateNum = "all" Else varstateNum = Request.QueryString("state") End If varstateNum = Server.HTMLEncode(varstateNum) dim varstate If isEmpty(Request.QueryString("state")) Then varstate = "all" Else varstate = Request.QueryString("state") End If varstate = Server.HTMLEncode(stateDictionary.Item(varstate)) dim varstateTrans varstateTrans = Server.HTMLEncode(stateDictionaryLong.Item(varstate)) dim varyear If isEmpty(Request.QueryString("year")) Then varyear = "all" Else varyear = Request.QueryString("year") End If varyear = Server.HTMLEncode(varyear) dim vartopic If isEmpty(Request.QueryString("topic")) Then vartopic = "all" Else vartopic = Request.QueryString("topic") End If vartopic = Server.HTMLEncode(vartopic) dim vartopicTrans vartopicTrans = vartopic vartopicTrans = topicDictionary.Item(vartopicTrans) dim vartop25 If isEmpty(Request.QueryString("top25")) Then vartop25 = "yes" Else vartop25 = Request.QueryString("top25") End If vartop25 = Server.HTMLEncode(vartop25) %> <% If varstate <> "all" Then %>

News Releases - <% Response.Write(varstateTrans) %>

<% ElseIf vartopic <> "all" Then %>

News Releases - <% Response.Write(vartopicTrans) %>

<% ElseIf varmonth <> "all" Then %>

News Releases - <% Response.Write(varmonth+ " " + varyear) %>

<% Else %>

News Releases - Latest 25

<% End If %> <% 'transformation call Dim mm_xsl8: Set mm_xsl8 = new MM_XSLTransform mm_xsl8.setXML "/doclib/xml/nr/xml-daisy-chain.xml" mm_xsl8.setXSL "/mobile/exec/xslt/news.xsl" mm_xsl8.addParameter "year", varyear mm_xsl8.addParameter "month", varmonth mm_xsl8.addParameter "monthNum", varmonthNum mm_xsl8.addParameter "state", varstate mm_xsl8.addParameter "topic", vartopic mm_xsl8.addParameter "top25", vartop25 mm_xsl8.addParameter "stateNum", varstateNum Response.write mm_xsl8.Transform() %>