Question
I am reading some parameters and generating a XML file with them. I have read a lot about special characters that should be escaped, in particular I have a function that escapes all the characters for the VALUE in the XML file (when no using CDATA):
https://stackoverflow.com/questions/19997759
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian& ==> &
< ==> <
> ==> >
" ==> "
' ==> '
In my specific case, there is only one case where the user can enter the value of the KEY, and the question is, should here be invalid these characters (even escaped)?
Example, the user introduces: key => ipaddress> value=> 192.168.1.25
Which would be the valid option:
<ipaddress>>192.168.1.25</ipaddress>>
or <ipaddress>>192.168.1.25</ipaddress>>
or should the ">" character be omitted for the final string?
Solution
Neither of those will work, you would be much safer to use a fixed element name and put the key as an attribute:
<entry key="ipaddress>">192.168.1.25</entry>
I would strongly recommend you use a proper XML aware API to write XML files, which will handle any necessary escaping for you automatically.
