[XML-SIG] escaping ' or " in attributes
Rich Salz
rsalz at datapower.com
Sun Nov 14 00:33:16 CET 2004
> I can do a substitution by hand of course, but I'm trying to learn the best
> practices, and also I conceive that one of the points of a library to give me
> peace of mind that its taken care of obscure cases that I might not
> understand.
Nope, that's all there is. Within an attribute you only have to replace
whatever your quoting character is (single or double quote) and ampersand.
For example:
s.replace('&', '&').replace('"', '"')
then you can the attribute value as
print 'myattr="%s"' % s
or wahtever's appropriate.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
More information about the XML-SIG
mailing list