473,414 Members | 1,630 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > c# / c sharp > questions > saving < and > in xml

Join Bytes to post your question to a community of 473,414 software developers and data experts.

Saving < and > in XML

I'm using XmlTextWriter to write XML to a string and XmlDocument to read it
back.

Every thing works OK except if my data contains a < or >. If this is the
case they get saved as < > repectively. When I come to read them back they
appear as the text < > rather than the < and >. What do I have to do to
prevent this happening.

Similarly if I try and save data <abc> I get an exception saying potentially
dangerous data detected

Any ideas how I should handle these cases ? this there some setting that I
need to make when saving the data.
Nov 16 '05 #1
7 4734
< and > are reserved characters in XML. You'll want to wrap these in a
CDATA block or encode them to their escaped values (i.e. &lt;abc&gt;) before
sticking them into XML.

Robert

"Tony" <To**@discussions.microsoft.com> wrote in message
news:E3**********************************@microsof t.com...
I'm using XmlTextWriter to write XML to a string and XmlDocument to read
it
back.

Every thing works OK except if my data contains a < or >. If this is the
case they get saved as < > repectively. When I come to read them back they
appear as the text < > rather than the < and >. What do I have to do to
prevent this happening.

Similarly if I try and save data <abc> I get an exception saying
potentially
dangerous data detected

Any ideas how I should handle these cases ? this there some setting that I
need to make when saving the data.

Nov 16 '05 #2
Tony wrote:
I'm using XmlTextWriter to write XML to a string and XmlDocument to read
it back.

Every thing works OK except if my data contains a < or >. If this is the
case they get saved as < > repectively. When I come to read them back they
appear as the text < > rather than the < and >. What do I have to do to
prevent this happening.

Similarly if I try and save data <abc> I get an exception saying
potentially dangerous data detected

Any ideas how I should handle these cases ? this there some setting that I
need to make when saving the data.


Use the special entity reference.

This applies for & as well.

So:

&amp;
&gt;
&lt;


--
http://antimeme.texeme.com
Nov 16 '05 #3
Does this mean I should run any data I'm about to put into XML through some
function that converts to &lt etc first. If so what is this function?

"Robert May" wrote:
< and > are reserved characters in XML. You'll want to wrap these in a
CDATA block or encode them to their escaped values (i.e. <abc>) before
sticking them into XML.

Robert

"Tony" <To**@discussions.microsoft.com> wrote in message
news:E3**********************************@microsof t.com...
I'm using XmlTextWriter to write XML to a string and XmlDocument to read
it
back.

Every thing works OK except if my data contains a < or >. If this is the
case they get saved as < > repectively. When I come to read them back they
appear as the text < > rather than the < and >. What do I have to do to
prevent this happening.

Similarly if I try and save data <abc> I get an exception saying
potentially
dangerous data detected

Any ideas how I should handle these cases ? this there some setting that I
need to make when saving the data.


Nov 16 '05 #4
Are these the only three reserved characters ?

"John Bailo" wrote:
Tony wrote:
I'm using XmlTextWriter to write XML to a string and XmlDocument to read
it back.

Every thing works OK except if my data contains a < or >. If this is the
case they get saved as < > repectively. When I come to read them back they
appear as the text < > rather than the < and >. What do I have to do to
prevent this happening.

Similarly if I try and save data <abc> I get an exception saying
potentially dangerous data detected

Any ideas how I should handle these cases ? this there some setting that I
need to make when saving the data.


Use the special entity reference.

This applies for & as well.

So:

&

<


--
http://antimeme.texeme.com

Nov 16 '05 #5
"Tony" <To**@discussions.microsoft.com> wrote in message news:87**********************************@microsof t.com...
Are these the only three reserved characters ?
There are five reserved characters (although when they must
be reserved varies, as I'll explain momentarily):

< &lt; &gt;

& &amp;
" &quot;
' &apos;

You must replace '<' with "&lt;" when it appears in text child nodes
of an element. If you fail to do so, the XML parser will expect the
start of a nested child element (which isn't what you want). OTOH,
'>' you can usually leave alone.

You must replace '&' with "&amp;" all of the time. If you fail to do
so, the XML parser will interpret it as you attempting to escape
another character (these are called "character entities").

You must either replace ''' with "&apos;" OR '"' with "&quot;" (but
you do not need to do both) within attribute values. The character
that must be escaped is the character you're using to delimit your
attribute value. That is, if your attribute value is delimited by single
quotes, then you must escape ' when they appear in the value of
that attribute (e.g., O'Reilly ... name='O'Reilly' must be escaped as
name='O&apos;Reilly'), otherwise if your attribute value is delimited
by double quotes then you must escape " when they appear in the
value of the attribute (i.e., if you had said ... name="O'Reilly" then
you wouldn't have to escape anything because the XML parser is
not going to be confused.)

To recap, always replace &. Replace <. Replace the quote character
used to delimit attribute values inside of attribute values.

Inside of a CDATA section, you must escape "]]>" as "]]&lt;", but this
is the only thing you need to escape inside of a CDATA section.
Derek Harmon
Nov 16 '05 #6
"Tony" <To**@discussions.microsoft.com> wrote in message news:0C**********************************@microsof t.com...
Does this mean I should run any data I'm about to put into XML through some
function that converts to &lt etc first. If so what is this function?


The function is called String.Replace( ). If you're writing a string as a
text value, you can do this,

strEscapedValue = strOriginalValue.Replace( "&", "&amp;").Replace( "<", "&lt;");

If you're writing an attribute value (where you delimit attribute values
using double quotes, you can do this,

strEscapedAttrVal = strOriginalAttrVal.Replace( "&", "&amp;").Replace( "\"", "&quot;");
Similarly if I try and save data <abc> I get an exception saying
potentially dangerous data detected


This is because .NET Framework 1.1 adds security checks to
HTTP requests to detect the possible presence of scripts that
may be dangerous.

If you replace all of the '<' with "&lt;" you can bypass this as it
ensures the request contains no script (there's also a setting
you can make in web.config to turn this check off, I believe,
although it isn't recommended).
Derek Harmon
Nov 16 '05 #7
Are you using .WriteRaw()? If so, don't. Use .WriteElement(), .WriteString()
and the like instead. These ought to automatically convert these characters
into their entities.

"Tony" wrote:
I'm using XmlTextWriter to write XML to a string and XmlDocument to read it
back.

Every thing works OK except if my data contains a < or >. If this is the
case they get saved as < > repectively. When I come to read them back they
appear as the text < > rather than the < and >. What do I have to do to
prevent this happening.

Similarly if I try and save data <abc> I get an exception saying potentially
dangerous data detected

Any ideas how I should handle these cases ? this there some setting that I
need to make when saving the data.

Nov 16 '05 #8
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

9
Problems with <link> in a 0.91 RSS
by: Francesco Moi | last post by:
Hello. I'm trying to build a RSS feed for my website. It starts: ----------------//--------------------- <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE rss PUBLIC "-//Netscape...
.NET Framework
1
XML problem with special characters like "<" and ">"
by: Christian Schmidbauer | last post by:
Hello! I prepare my XML document like this way: ------------------------------------------------------- PrintWriter writer; Document domDocument; Element domElement; // Root tag
.NET Framework
2
Sending XML Content (with < >) as value of an attributes to Object tag in HTML
by: Eshrath | last post by:
Hi, What I am trying to do: ======================= I need to form a table in html using the xsl but the table that is formed is quite long and cannot be viewed in our application. So we are...
.NET Framework
2
XSL <> converted into &lt; and &gt; in final HTML
by: Donald Firesmith | last post by:
I am having trouble having Google Adsense code stored in XSL converted properly into HTML. The <> unfortunately become &lt; and &gt; and then no longer work. XSL code is: <script...
.NET Framework
0
cocoon 2.1.6 xsp page: problem with <esql:get-string> and <esql:get-xml>
by: Arne Schirmacher | last post by:
I want to display a MySQL database field that can contain HTML markup. If I use <esql:get-string> then I get all of the database field, but all tags are escaped which is not what I want. If I use...
.NET Framework
4
String.replace(/</g,'&lt;');
by: higabe | last post by:
Three questions 1) I have a string function that works perfectly but according to W3C.org web site is syntactically flawed because it contains the characters </ in sequence. So how am I...
Javascript
34
<HR> Style Bug in IE6
by: Mark Moore | last post by:
It looks like there's a pretty serious CSS bug in IE6 (v6.0.2800.1106). The HTML below is validated STRICT HTML 4.01 and renders as I would expect in Opera, FrontPage, and Netscape. For some...
HTML / CSS
11
A <TEXTAREA> is a weird thing.
by: Les Paul | last post by:
I'm trying to design an HTML page that can edit itself. In essence, it's just like a Wiki page, but my own very simple version. It's a page full of plain old HTML content, and then at the bottom,...
HTML / CSS
4
PHP saving embedded HTML in XML
by: dcrackel | last post by:
I hope there is a simple solution to this, but I've been unable to find it. $dom = new DomDocument(); $dom->load("test.xml"); $test = $dom->getElementsByTagName("test"); $test->nodeValue =...
PHP
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!