473,657 Members | 2,358 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Saving < and > in XML

I'm using XmlTextWriter to write XML to a string and XmlDocument to read it
back.

Every thing works OK except if my data contains a < or >. If this is the
case they get saved as < > repectively. When I come to read them back they
appear as the text < > rather than the < and >. What do I have to do to
prevent this happening.

Similarly if I try and save data <abc> I get an exception saying potentially
dangerous data detected

Any ideas how I should handle these cases ? this there some setting that I
need to make when saving the data.
Nov 16 '05 #1
7 4748
< and > are reserved characters in XML. You'll want to wrap these in a
CDATA block or encode them to their escaped values (i.e. &lt;abc&gt;) before
sticking them into XML.

Robert

"Tony" <To**@discussio ns.microsoft.co m> wrote in message
news:E3******** *************** ***********@mic rosoft.com...
I'm using XmlTextWriter to write XML to a string and XmlDocument to read
it
back.

Every thing works OK except if my data contains a < or >. If this is the
case they get saved as < > repectively. When I come to read them back they
appear as the text < > rather than the < and >. What do I have to do to
prevent this happening.

Similarly if I try and save data <abc> I get an exception saying
potentially
dangerous data detected

Any ideas how I should handle these cases ? this there some setting that I
need to make when saving the data.

Nov 16 '05 #2
Tony wrote:
I'm using XmlTextWriter to write XML to a string and XmlDocument to read
it back.

Every thing works OK except if my data contains a < or >. If this is the
case they get saved as < > repectively. When I come to read them back they
appear as the text < > rather than the < and >. What do I have to do to
prevent this happening.

Similarly if I try and save data <abc> I get an exception saying
potentially dangerous data detected

Any ideas how I should handle these cases ? this there some setting that I
need to make when saving the data.


Use the special entity reference.

This applies for & as well.

So:

&amp;
&gt;
&lt;


--
http://antimeme.texeme.com
Nov 16 '05 #3
Does this mean I should run any data I'm about to put into XML through some
function that converts to &lt etc first. If so what is this function?

"Robert May" wrote:
< and > are reserved characters in XML. You'll want to wrap these in a
CDATA block or encode them to their escaped values (i.e. <abc>) before
sticking them into XML.

Robert

"Tony" <To**@discussio ns.microsoft.co m> wrote in message
news:E3******** *************** ***********@mic rosoft.com...
I'm using XmlTextWriter to write XML to a string and XmlDocument to read
it
back.

Every thing works OK except if my data contains a < or >. If this is the
case they get saved as < > repectively. When I come to read them back they
appear as the text < > rather than the < and >. What do I have to do to
prevent this happening.

Similarly if I try and save data <abc> I get an exception saying
potentially
dangerous data detected

Any ideas how I should handle these cases ? this there some setting that I
need to make when saving the data.


Nov 16 '05 #4
Are these the only three reserved characters ?

"John Bailo" wrote:
Tony wrote:
I'm using XmlTextWriter to write XML to a string and XmlDocument to read
it back.

Every thing works OK except if my data contains a < or >. If this is the
case they get saved as < > repectively. When I come to read them back they
appear as the text < > rather than the < and >. What do I have to do to
prevent this happening.

Similarly if I try and save data <abc> I get an exception saying
potentially dangerous data detected

Any ideas how I should handle these cases ? this there some setting that I
need to make when saving the data.


Use the special entity reference.

This applies for & as well.

So:

&

<


--
http://antimeme.texeme.com

Nov 16 '05 #5
"Tony" <To**@discussio ns.microsoft.co m> wrote in message news:87******** *************** ***********@mic rosoft.com...
Are these the only three reserved characters ?
There are five reserved characters (although when they must
be reserved varies, as I'll explain momentarily):

< &lt; &gt;

& &amp;
" &quot;
' &apos;

You must replace '<' with "&lt;" when it appears in text child nodes
of an element. If you fail to do so, the XML parser will expect the
start of a nested child element (which isn't what you want). OTOH,
'>' you can usually leave alone.

You must replace '&' with "&amp;" all of the time. If you fail to do
so, the XML parser will interpret it as you attempting to escape
another character (these are called "character entities").

You must either replace ''' with "&apos;" OR '"' with "&quot;" (but
you do not need to do both) within attribute values. The character
that must be escaped is the character you're using to delimit your
attribute value. That is, if your attribute value is delimited by single
quotes, then you must escape ' when they appear in the value of
that attribute (e.g., O'Reilly ... name='O'Reilly' must be escaped as
name='O&apos;Re illy'), otherwise if your attribute value is delimited
by double quotes then you must escape " when they appear in the
value of the attribute (i.e., if you had said ... name="O'Reilly" then
you wouldn't have to escape anything because the XML parser is
not going to be confused.)

To recap, always replace &. Replace <. Replace the quote character
used to delimit attribute values inside of attribute values.

Inside of a CDATA section, you must escape "]]>" as "]]&lt;", but this
is the only thing you need to escape inside of a CDATA section.
Derek Harmon
Nov 16 '05 #6
"Tony" <To**@discussio ns.microsoft.co m> wrote in message news:0C******** *************** ***********@mic rosoft.com...
Does this mean I should run any data I'm about to put into XML through some
function that converts to &lt etc first. If so what is this function?


The function is called String.Replace( ). If you're writing a string as a
text value, you can do this,

strEscapedValue = strOriginalValu e.Replace( "&", "&amp;").Replac e( "<", "&lt;");

If you're writing an attribute value (where you delimit attribute values
using double quotes, you can do this,

strEscapedAttrV al = strOriginalAttr Val.Replace( "&", "&amp;").Replac e( "\"", "&quot;");
Similarly if I try and save data <abc> I get an exception saying
potentially dangerous data detected


This is because .NET Framework 1.1 adds security checks to
HTTP requests to detect the possible presence of scripts that
may be dangerous.

If you replace all of the '<' with "&lt;" you can bypass this as it
ensures the request contains no script (there's also a setting
you can make in web.config to turn this check off, I believe,
although it isn't recommended).
Derek Harmon
Nov 16 '05 #7
Are you using .WriteRaw()? If so, don't. Use .WriteElement() , .WriteString()
and the like instead. These ought to automatically convert these characters
into their entities.

"Tony" wrote:
I'm using XmlTextWriter to write XML to a string and XmlDocument to read it
back.

Every thing works OK except if my data contains a < or >. If this is the
case they get saved as < > repectively. When I come to read them back they
appear as the text < > rather than the < and >. What do I have to do to
prevent this happening.

Similarly if I try and save data <abc> I get an exception saying potentially
dangerous data detected

Any ideas how I should handle these cases ? this there some setting that I
need to make when saving the data.

Nov 16 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
9
2955
Problems with <link> in a 0.91 RSS
by: Francesco Moi | last post by:
Hello. I'm trying to build a RSS feed for my website. It starts: ----------------//--------------------- <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE rss PUBLIC "-//Netscape Communications//DTD RSS 0.91//EN" "http://my.netscape.com/publish/formats/rss-0.91.dtd"> <rss version="0.91"> ----------------//----------------------
.NET Framework
1
6820
XML problem with special characters like "<" and ">"
by: Christian Schmidbauer | last post by:
Hello! I prepare my XML document like this way: ------------------------------------------------------- PrintWriter writer; Document domDocument; Element domElement; // Root tag
.NET Framework
2
3209
Sending XML Content (with < >) as value of an attributes to Object tag in HTML
by: Eshrath | last post by:
Hi, What I am trying to do: ======================= I need to form a table in html using the xsl but the table that is formed is quite long and cannot be viewed in our application. So we are writing one object in C# which will take the entire table tag contents and renders. Ie., we need to pass "<table>………… <thead>……</thead>. <tr>.<td> <td>..<tr>.<td> <td> </table>" content to
.NET Framework
2
10555
XSL <> converted into &lt; and &gt; in final HTML
by: Donald Firesmith | last post by:
I am having trouble having Google Adsense code stored in XSL converted properly into HTML. The <> unfortunately become &lt; and &gt; and then no longer work. XSL code is: <script type="text/javascript"> <!]> </script> <script type="text/javascript"
.NET Framework
0
2059
cocoon 2.1.6 xsp page: problem with <esql:get-string> and <esql:get-xml>
by: Arne Schirmacher | last post by:
I want to display a MySQL database field that can contain HTML markup. If I use <esql:get-string> then I get all of the database field, but all tags are escaped which is not what I want. If I use <esql:get-xml> the tags are not escaped, but only the first part of the database field is displayed. The content of the database field is: "<h1>Title</h1><h2>Subtitle</h2>"
.NET Framework
4
62095
String.replace(/</g,'&lt;');
by: higabe | last post by:
Three questions 1) I have a string function that works perfectly but according to W3C.org web site is syntactically flawed because it contains the characters </ in sequence. So how am I supposed to write this function? String.replace(/</g,'&lt;');
Javascript
34
11035
<HR> Style Bug in IE6
by: Mark Moore | last post by:
It looks like there's a pretty serious CSS bug in IE6 (v6.0.2800.1106). The HTML below is validated STRICT HTML 4.01 and renders as I would expect in Opera, FrontPage, and Netscape. For some reason, there's an annoying vertical gap between adjacent rules that doesn't go away. This looks like IE6 is incorrectly setting the margin to some arbitrary value. Does anyone know if this is a known bug at MS? If you know of one, post the...
HTML / CSS
11
13687
A <TEXTAREA> is a weird thing.
by: Les Paul | last post by:
I'm trying to design an HTML page that can edit itself. In essence, it's just like a Wiki page, but my own very simple version. It's a page full of plain old HTML content, and then at the bottom, there's an "Edit" link. So the page itself looks something like this: <HTML><HEAD><TITLE>blah</TITLE></HEAD><BODY> <!-- TEXT STARTS HERE --> <H1>Hello World!</H1> <P>More stuff here...</P>
HTML / CSS
4
2219
PHP saving embedded HTML in XML
by: dcrackel | last post by:
I hope there is a simple solution to this, but I've been unable to find it. $dom = new DomDocument(); $dom->load("test.xml"); $test = $dom->getElementsByTagName("test"); $test->nodeValue = "<b>test</b>"; $dom->save("test.xml");
PHP
0
8411
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
8323
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
8838
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
8613
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
1
6176
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
5638
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
1
2740
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
1969
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
2
1732
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us