XmlFormat

Report · Jan 15, 2008

I doubt that I'm the first to create a function like the one below, but I've seen others looking for the same information comparatively recently. So here's a simple way to avoid user-input causing XML to fail ...

I was impressed with the XmlFormat functionality.... until I realized that it didn't convert everything into "an XML-readable format" as the literature seems to indicate. It does well when handling non-String data type conversions but not-so-well with strings containing characters antithematic to XML, including characters such as "<", ">", "@", quotes and apostrophes.

Fortunately there's a simple solution using CFSCRIPT and REReplace...

<cfscript>
function XmlReplace( inString ) {
REReplace(inString, "<", "<", "All");
REReplace(inString, ">", ">", "All");
REReplace(inString, "'", "'", "All");
REReplace(inString, "@", "&", "All");
REReplace(inString, '"', '"', 'All');
return( inString );
}
</cfscript>

This small function is called in precisely the same manner as is XmlFormat. Assuming a query named "abc" you'd use it like this ...

<cfloop query="abc">
<cfoutput><thisItem date="#XmlFormat(#abc.date#)#">#XmlReplace(#abc.comments#)#</thisItem>
</cfoutput>

Report · Jan 16, 2008

> I was impressed with the XmlFormat functionality.... until I realized
> that it didn't convert everything into "an XML-readable format" as the
> literature seems to indicate. It does well when handling non-String data type
> conversions but not-so-well with strings containing characters antithematic to
> XML, including characters such as "<", ">", "@", quotes and apostrophes.

Err... what makes you say that?

xmlFormat() performs the following transitions:

< => <
> => >
' => '
@ => [no change, none necessary]
& => &
" => "

That certainly covers all the things your function does, with the added
bonus that it does it correctly (which yours doesn't, see below).

What are you seeing that it's doing wrong?

> REReplace(inString, "<", "<", "All");
> REReplace(inString, ">", ">", "All");

This could be how the newsfeed parses data, but from where I'm sitting,
you're swapping the angle brackets for... the same angle brackets.

> REReplace(inString, "@", "&", "All");

An @ is not an &

> REReplace(inString, '"', ''', 'All');

Hang on. You're swapping out an apostrophe for an ' - fair enough -
but then swapping out a double-quote for an apostrophe. That doesn't seem
right.

I expect xmlFormatFormat() probably has that one nailed correctly with the
"

--
Adam

Report · Feb 28, 2008

You're right in that I mistyped "@" for "&"... Next time I'll copy/paste.

As to my lack of confidence in XmlFormat... I've found that it works well if you use it like:
<cfset abc = XmlFormat(#inputString#) />
but doesn't in this context:
<cfcontent type="text/xml"><?xml version="1.0" encoding="UTF-8" ?><myRoot><abc parm1="#XmlFormat(#inputString#)#" /></myRoot>

Adobe Community

XmlFormat