Tip of the Day #18: Storing User Input in XML

If you are going to dump user generate input into XML please remember to escape appropriately. For example, the ampersand symbol has special meaning in XML and you must escape it. e.g. & becomes &

1 Comment

  1. barryd says:
    30 November, -0001 at 00:00

    Actually it depends where you store it. If it’s in an attribute the rules can be different. Luckily a little project called AntiXSS has XmlEncode and XmlAttributeEncode already done for you … :)Or you can be boring and use an XMLTextWriter.

    Reply

Leave a Comment

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s