[XML-SIG] escaping ' or " in attributes

Rich Salz rsalz at datapower.com
Sun Nov 14 00:33:16 CET 2004

> I can do a substitution by hand of course, but I'm trying to learn the best
> practices, and also I conceive that one of the points of a library to  give me
> peace of mind that its taken care of obscure cases that I might not
> understand.

Nope, that's all there is.  Within an attribute you only have to replace
whatever your quoting character is (single or double quote) and ampersand.
For example:
	s.replace('&', '&').replace('"', '"')
then you can the attribute value as
	print 'myattr="%s"' % s
or wahtever's appropriate.


Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html

More information about the XML-SIG mailing list