Tip of the Day #18: Storing User Input in XML

If you are going to dump user-generated input into XML, please remember to escape it appropriately for the context it lands in. Characters with special meaning in XML must be escaped, otherwise the input is parsed as markup: at best the document is no longer well-formed, at worst the user has injected elements or attributes of their own. For example, the ampersand introduces an entity reference, so & becomes &amp;; likewise < becomes &lt; and > becomes &gt;, and inside an attribute value the quote character that delimits the value must be escaped as well (&quot; or &apos;). Better still, build the document with an XML writer or DOM API and let it do the escaping for each context.
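The following is an added example, not code from the original post: it shows what happens when user input is concatenated straight into XML, then the two fixes, escaping for the right context and letting an XML library build the document. It goes beyond the ampersand case in the text by covering the attribute context, where plain text-node escaping is not enough. The hostile inputs are constructed for the demonstration; the Python standard library's xml.sax.saxutils.escape/quoteattr and ElementTree stand in here for whatever XML encoder or writer your platform provides.

```python
"""Added example: XML injection from unescaped user input, and the fixes.
Not part of the original post; sample inputs are constructed."""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

# Constructed hostile inputs. The first only breaks well-formedness; the
# other two inject a text-node element and an attribute respectively.
AMPERSAND = "Tom & Jerry"
ELEMENT_INJECTION = "bob</name><role>admin</role><name>"
ATTRIBUTE_INJECTION = '" admin="true'


def naive_user(name):
    """Vulnerable: raw concatenation, so the input is parsed as markup."""
    return f"<user><name>{name}</name></user>"


def escaped_user(name):
    """Text-node context: escape() rewrites & < > as &amp; &lt; &gt;."""
    return f"<user><name>{escape(name)}</name></user>"


def naive_attr(name):
    """Wrong for attributes: escape() leaves quotes alone, so a quote in
    the input closes the attribute value early and the rest is markup."""
    return f'<user name="{escape(name)}"/>'


def quoted_attr(name):
    """Attribute context: quoteattr() also handles quotes and returns the
    value already wrapped in a quote character that cannot occur inside."""
    return f"<user name={quoteattr(name)}/>"


def writer_user(name):
    """Safest option: build the tree and let the serializer escape each
    context (text node and attribute) on its own."""
    user = ET.Element("user")
    user.set("name", name)
    ET.SubElement(user, "name").text = name
    return ET.tostring(user, encoding="unicode")


def parses(doc):
    """True if the document is well-formed XML."""
    try:
        ET.fromstring(doc)
        return True
    except ET.ParseError:
        return False


def injected_roles(doc):
    """<role> elements that exist only because input was treated as markup."""
    return [r.text for r in ET.fromstring(doc).findall("role")]


def name_text(doc):
    """Text of the first <name> element after a parse round-trip."""
    return ET.fromstring(doc).find("name").text


def attr_value(doc, attr):
    """Value of an attribute on the root element, or None if absent."""
    return ET.fromstring(doc).get(attr)


if __name__ == "__main__":
    print("naive, ampersand well-formed?", parses(naive_user(AMPERSAND)))
    print("naive, injected roles:", injected_roles(naive_user(ELEMENT_INJECTION)))
    print("escaped, injected roles:", injected_roles(escaped_user(ELEMENT_INJECTION)))
    print("escaped, name round-trips:", name_text(escaped_user(AMPERSAND)))
    print("naive attr, admin =", attr_value(naive_attr(ATTRIBUTE_INJECTION), "admin"))
    print("quoteattr, admin =", attr_value(quoted_attr(ATTRIBUTE_INJECTION), "admin"))
    print("writer output:", writer_user(ATTRIBUTE_INJECTION))
```

The point the attribute case makes is the one raised in the comment below: the set of characters to escape depends on where the value lands, so use the encoder for that context (or a writer that knows the context) rather than a single "escape everything" routine.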

Published by Colin Mackay

I blog at ColinMackay.scot. I also talk at software development conferences.

1 Comment

  1. Actually it depends where you store it. If it’s in an attribute the rules can be different. Luckily a little project called AntiXSS has XmlEncode and XmlAttributeEncode already done for you … :) Or you can be boring and use an XMLTextWriter.
