Tip of the Day #18: Storing User Input in XML

If you are going to dump user-generated input into XML, please remember to escape it appropriately. For example, the ampersand symbol has special meaning in XML and you must escape it, e.g. & becomes &amp;

1 Comment

  1. barryd says:

    Actually it depends where you store it. If it’s in an attribute the rules can be different. Luckily a little project called AntiXSS has XmlEncode and XmlAttributeEncode already done for you … :) Or you can be boring and use an XMLTextWriter.
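The following is an added example that is not part of the original post or the comment. It shows the post's point (unescaped input breaks the document) and the comment's point (text nodes and attribute values need different escaping, or a serializer can do the work). It uses Python's standard library (`xml.sax.saxutils` and `xml.etree.ElementTree`) in place of the .NET AntiXSS and XmlTextWriter the comment mentions; the user input and the `<comment>` element name are constructed for the example.

```python
from xml.sax.saxutils import escape, quoteattr
import xml.etree.ElementTree as ET

# Constructed sample of hostile user input: all XML metacharacters, both
# quote styles, and an attempt to close the element and inject a new one.
SAMPLE_INPUT = 'Tom & Jerry <b>"best" \'friends\'</b></comment><admin>true</admin>'


def naive_comment_xml(text):
    # The mistake the post warns about: raw input dropped straight into XML.
    return f"<comment>{text}</comment>"


def escaped_comment_xml(text):
    # Text node: & < > must become &amp; &lt; &gt;; quotes are harmless here.
    return f"<comment>{escape(text)}</comment>"


def text_escape_in_attribute_xml(text):
    # The pitfall from the comment: text-node escaping is not enough for
    # an attribute, because a literal " terminates the attribute value.
    return f'<comment body="{escape(text)}"/>'


def escaped_attribute_xml(text):
    # Attribute value: quoteattr() picks a delimiter and escapes &, <, >
    # and whichever quote character it chose, so the value cannot break out.
    return f"<comment body={quoteattr(text)}/>"


def writer_comment_xml(text):
    # The "boring" approach: build a tree and let the serializer escape
    # both the text node and the attribute value according to context.
    element = ET.Element("comment", body=text)
    element.text = text
    return ET.tostring(element, encoding="unicode")


def is_well_formed(doc):
    """True if the document parses as a single well-formed XML element."""
    try:
        ET.fromstring(doc)
        return True
    except ET.ParseError:
        return False


def recover_text(doc):
    """Parse the document and return the comment's text node."""
    return ET.fromstring(doc).text


def recover_attribute(doc):
    """Parse the document and return the comment's body attribute."""
    return ET.fromstring(doc).get("body")


if __name__ == "__main__":
    for name, builder in [
        ("naive", naive_comment_xml),
        ("escaped text", escaped_comment_xml),
        ("text escaping inside attribute", text_escape_in_attribute_xml),
        ("escaped attribute", escaped_attribute_xml),
        ("serializer", writer_comment_xml),
    ]:
        doc = builder(SAMPLE_INPUT)
        print(f"{name:32} well-formed={is_well_formed(doc)}  {doc}")
```

The naive version and the "escape() inside an attribute" version both fail to parse, while the text-node, attribute and serializer versions parse and hand back the user's original string unchanged. Rejecting the input or falling back to a serializer is the safe default whenever the context (text node versus attribute) is not known at the point where the string is built.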
