[XML-SIG] escaping ' or " in attributes
mike at skew.org
Sun Nov 14 22:45:02 CET 2004
Hefferon9 at aol.com wrote:
> 1) What is the canonical way to escape the quotes inside of an attribute? I
> have a cgi script, and may be getting things from users that I want to stuff
> inside of the attributes. That is, I have code like this:
> favoriteFood=fs.getfirst('favoriteFood') # fs is a cgi.FieldStorage
> and I'm afraid I'll get "Mama's" for an answer, giving me XML like
> <choice favoriteFood='Mama's' />
> (likewise, "Ben & Jerry's" gives me worries) I've cast about for what I
> thought were likely names, but didn't find any .
Depends on how you're creating the X(HT)ML. If you're just doing
prints then of course you will need to do your own replacements.
I suggest you read Uche Ogbuji's article on xml.com entitled
"Proper XML Output In Python" (Google for it)
One thing you should note is that XML has an "apos" entity, but HTML does not.
Therefore if you are intending to generate HTML 4.0 browser compatible XHTML
(as it appears you are), then you need to use "'" instead of "'" when
putting an apostrophe/single-quote in an attribute value that is delimited by
those same characters.
More information about the XML-SIG