xml_escape

STRINGxml_escapeSTRINGs

Available inall subroutines.

Escapes characters from a string using XML-style escape sequences.

This function does not understand UTF-8 encoded Unicode text (like for example JSON), but instead handles it byte by byte. Characters are escaped according to the rules described in Section 2.4 of the XML 1.0 W3C Recommendation.

The escaping rules are as follows:

  • The ampersand character (&) will be represented as &.
  • The left angle bracket character (<) will be represented as &lt;.
  • The right angle bracket character (>) will be represented as &gt;.
  • The single-quote character (') will be represented as &apos;.
  • The double-quote character (") will be represented as &quot;.
  • If none of the above matched, the byte is passed through as-is.

Other bytes are passed through verbatim.

Some examples:

Inputxml_escape()
abc123abc123
romeo&julietromeo&amp;juliet
0 < 10 &lt; 1
isn'tisn&apos;t

We recommend using utf8.is_valid to check that your data represents a valid UTF-8 string before calling xml_escape.

Example

# var.escaped is set to: <city>london</city>
declare local var.escaped STRING;
set var.escaped = "<city>" + xml_escape(client.geo.city.ascii) + "</city>";