Skip to content
Fix Code Error

What characters do I need to escape in XML documents?

March 13, 2021 by Code Error
Posted By: Anonymous

What characters must be escaped in XML documents, or where could I find such a list?

Solution

If you use an appropriate class or library, they will do the escaping for you. Many XML issues are caused by string concatenation.

XML escape characters

There are only five:

"   "
'   '
<   &lt;
>   &gt;
&   &amp;

Escaping characters depends on where the special character is used.

The examples can be validated at the W3C Markup Validation Service.

Text

The safe way is to escape all five characters in text. However, the three characters ", ' and > needn’t be escaped in text:

<?xml version="1.0"?>
<valid>"'></valid>

Attributes

The safe way is to escape all five characters in attributes. However, the > character needn’t be escaped in attributes:

<?xml version="1.0"?>
<valid attribute=">"/>

The ' character needn’t be escaped in attributes if the quotes are ":

<?xml version="1.0"?>
<valid attribute="'"/>

Likewise, the " needn’t be escaped in attributes if the quotes are ':

<?xml version="1.0"?>
<valid attribute='"'/>

Comments

All five special characters must not be escaped in comments:

<?xml version="1.0"?>
<valid>
<!-- "'<>& -->
</valid>

CDATA

All five special characters must not be escaped in CDATA sections:

<?xml version="1.0"?>
<valid>
<![CDATA["'<>&]]>
</valid>

Processing instructions

All five special characters must not be escaped in XML processing instructions:

<?xml version="1.0"?>
<?process <"'&> ?>
<valid/>

XML vs. HTML

HTML has its own set of escape codes which cover a lot more characters.

Answered By: Anonymous

Related Articles

  • What are the undocumented features and limitations…
  • How to generate JAXB classes from XSD?
  • Symfony 2, Twig: how not to escape field value (used…
  • center 3 items on 2 lines
  • How can I parse a CSV string with JavaScript, which…
  • python 3.2 UnicodeEncodeError: 'charmap' codec can't…
  • Smart way to truncate long strings
  • @import not working for my "application.css.scss"…
  • Identifying and solving…
  • Can the type of a function be constrained to certain…
  • etree parsing xml with escaped html inside
  • Capturing closures within closures: Xcode throws…
  • "Thinking in AngularJS" if I have a jQuery background?
  • Error: request entity too large
  • Which characters need to be escaped in HTML?
  • Using StringWriter for XML Serialization
  • Tokenize mathematic string expression
  • jQuery.parseJSON throws “Invalid JSON” error due to…
  • What does a "Cannot find symbol" or "Cannot resolve…
  • Sequence contains no matching element
  • How do SO_REUSEADDR and SO_REUSEPORT differ?
  • How do you parse and process HTML/XML in PHP?
  • ember cli application build fails: The Broccoli…
  • How to upload a file in Django?
  • What special characters must be escaped in regular…
  • What is the JSF resource library for and how should…
  • Backbone Collection.fetch gives me Uncaught…
  • Need to extract text in a C# Regex
  • How to unescape a Java string literal in Java?
  • How to fail a nested megaparsec parser?
  • How can I find the product GUID of an installed MSI setup?
  • Ukkonen's suffix tree algorithm in plain English
  • Why do we use __init__ in Python classes?
  • How can I move all the files from one folder to…
  • JSON character encoding - is UTF-8 well-supported by…
  • Reference - What does this regex mean?
  • Insert text with single quotes in PostgreSQL
  • Completely uninstall PostgreSQL 9.0.4 from Mac OSX Lion?
  • multi level ul li backbone.js
  • Force Backbone or Underscore to always escape all variables?
  • String Concatenation using '+' operator
  • Problems using Maven and SSL behind proxy
  • How to filter a RecyclerView with a SearchView
  • Which characters need to be escaped when using Bash?
  • Dynamic SQL executed inside a stored procedure in a…
  • Database development mistakes made by application developers
  • How to use Servlets and Ajax?
  • Fastest way to iterate over all the chars in a String
  • What is a NullReferenceException, and how do I fix it?
  • Why am I getting a "401 Unauthorized" error in Maven?
  • Memcached vs. Redis?
  • What does "Fatal error: Unexpectedly found nil while…
  • Why not inherit from List?
  • What is an optional value in Swift?
  • NullpointerException error while working with…
  • SQL NVARCHAR and VARCHAR Limits
  • What is a stack trace, and how can I use it to debug…
  • Angular: Can't find Promise, Map, Set and Iterator
  • How to generate a random string of a fixed length in Go?
  • T-SQL: Opposite to string concatenation - how to…
  • Difference between shared objects (.so), static…
  • Now Mongoose Cannot overwrite model once compiled
  • What does "Could not find or load main class" mean?
  • Is there a RegExp.escape function in JavaScript?
  • BackboneJs: Uncaught TypeError: undefined is not a function
  • Escape a string in SQL Server so that it is safe to…
  • Getting started with Haskell
  • Failed to execute goal…
  • The definitive guide to form-based website authentication
  • Design DFA accepting binary strings divisible by a…
  • JSON and escaping characters
  • Asp.net core WebApi endpoint for many to many tables
  • How do I escape ampersands in batch files?
  • Escape a string for a sed replace pattern
  • Unable to run Robolectric and Espresso with a…
  • Render HTML string as real HTML in a React component
  • What is the difference between single-quoted and…
  • XSS prevention in JSP/Servlet web application
  • Vuetify Navigation Drawer works once then stops
  • Are PDO prepared statements sufficient to prevent…
  • Regular expression for floating point numbers
  • The entity name must immediately follow the '&'…
  • When are you supposed to use escape instead of…
  • SecurityException: Permission denied (missing…
  • How should I escape strings in JSON?
  • Preventing SQL injection in Node.js
  • Logging best practices
  • After a little scroll, the sticky navbar just is not…
  • How do I install Java on Mac OSX allowing version switching?
  • How to run my Python script with Anaconda…
  • Difference between
  • Error parsing XHTML: The content of elements must…
  • Remove complete node from XML, if the child…
  • Kodein + Ktor = mutation attempt of frozen…
  • Is it better practice to use String.format over…
  • How can I use mySQL replace() to replace strings in…
  • How to use a variable inside a regular expression?
  • Expansion of variables inside single quotes in a…
  • Will Java update Strings on creation
  • Creating text from character code in XSLT

Disclaimer: This content is shared under creative common license cc-by-sa 3.0. It is generated from StackExchange Website Network.

Post navigation

Previous Post:

How do you create a hidden div that doesn’t create a line break or horizontal space?

Next Post:

How can I get list of values from dict?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

.net ajax android angular arrays aurelia backbone.js bash c++ css dataframe ember-data ember.js excel git html ios java javascript jquery json laravel linux list mysql next.js node.js pandas php polymer polymer-1.0 python python-3.x r reactjs regex sql sql-server string svelte typescript vue-component vue.js vuejs2 vuetify.js

  • you shouldn’t need to use z-index
  • No column in target database, but getting “The schema update is terminating because data loss might occur”
  • Angular – expected call-signature: ‘changePassword’ to have a typedeftslint(typedef)
  • trying to implement NativeAdFactory imports deprecated method by default in flutter java project
  • What should I use to get an attribute out of my foreign table in Laravel?
© 2022 Fix Code Error