2 Replies Latest reply on Feb 28, 2008 8:36 AM by coffeedrinker56

    XmlFormat

    coffeedrinker56
      I doubt that I'm the first to create a function like the one below, but I've seen others looking for the same information comparatively recently. So here's a simple way to avoid user-input causing XML to fail ...

      I was impressed with the XmlFormat functionality.... until I realized that it didn't convert everything into "an XML-readable format" as the literature seems to indicate. It does well when handling non-String data type conversions but not-so-well with strings containing characters antithematic to XML, including characters such as "<", ">", "@", quotes and apostrophes.

      Fortunately there's a simple solution using CFSCRIPT and REReplace...

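      <cfscript>
      // Replaces XML special characters in inString with entities.
      // REReplace returns the modified string, so each result is assigned back.
      function XmlReplace( inString ) {
          inString = REReplace(inString, "<", "&lt;", "All");
          inString = REReplace(inString, ">", "&gt;", "All");
          inString = REReplace(inString, "'", "&apos;", "All");
          inString = REReplace(inString, "@", "&amp;", "All");
          inString = REReplace(inString, '"', '&quot;', 'All');
          return( inString );
      }
      </cfscript>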

      This small function is called in precisely the same manner as is XmlFormat. Assuming a query named "abc" you'd use it like this ...

      <cfloop query="abc">
      <cfoutput><thisItem date="#XmlFormat(#abc.date#)#">#XmlReplace(#abc.comments#)#</thisItem>
      </cfoutput>
      </cfloop>

        • 1. Re: XmlFormat
          Level 7
          > I was impressed with the XmlFormat functionality.... until I realized
          > that it didn't convert everything into "an XML-readable format" as the
          > literature seems to indicate. It does well when handling non-String data type
          > conversions but not-so-well with strings containing characters antithematic to
          > XML, including characters such as "<", ">", "@", quotes and apostrophes.

          Err... what makes you say that?

          xmlFormat() performs the following transitions:

          < => &lt;
          > => &gt;
          ' => &apos;
          @ => [no change, none necessary]
          & => &amp;
          " => &quot;

          That certainly covers all the things your function does, with the added
          bonus that it does it correctly (which yours doesn't, see below).

          What are you seeing that it's doing wrong?


          > REReplace(inString, "<", "<", "All");
          > REReplace(inString, ">", ">", "All");

          This could be how the newsfeed parses data, but from where I'm sitting,
          you're swapping the angle brackets for... the same angle brackets.


          > REReplace(inString, "@", "&amp;", "All");

          An @ is not an &amp;


          > REReplace(inString, '"', ''', 'All');

          Hang on. You're swapping out an apostrophe for an &apos; - fair enough -
          but then swapping out a double-quote for an apostrophe. That doesn't seem
          right.

          I expect xmlFormat() probably has that one nailed correctly with the
          &quot;

          --
          Adam
          • 2. Re: XmlFormat
            coffeedrinker56 Level 1
            You're right in that I mistyped "@" for "&"... Next time I'll copy/paste.

            As to my lack of confidence in XmlFormat... I've found that it works well if you use it like:
            <cfset abc = XmlFormat(#inputString#) />
            but doesn't in this context:
            <cfcontent type="text/xml"><?xml version="1.0" encoding="UTF-8" ?><myRoot><abc parm1="#XmlFormat(#inputString#)#" /></myRoot>
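
Added example, not code from any poster in this thread: a CFML check that escaped input survives a round trip through XmlParse in both attribute and element context, and what goes wrong when "&" is escaped after the other characters. The helper names (xmlEscapeExample, xmlEscapeAmpLast, roundTrip) and the sample string are constructed for illustration; the element and attribute names are reused from the last post.

```cfml
<cfscript>
// Constructed sample input: all five XML special characters plus "@".
sample = 'Tom & "Jerry" <jerry@example.com> said ''hi''';

// Hypothetical helper: "&" is escaped first, so the "&" inside the
// entities written by the later replacements is not escaped again.
function xmlEscapeExample(inString) {
    var s = Replace(inString, "&", "&amp;", "all");
    s = Replace(s, "<", "&lt;", "all");
    s = Replace(s, ">", "&gt;", "all");
    s = Replace(s, '"', "&quot;", "all");
    s = Replace(s, "'", "&apos;", "all");
    return s;
}

// Hypothetical helper showing the failure mode: "&" escaped last turns
// the "&lt;" written one step earlier into "&amp;lt;".
function xmlEscapeAmpLast(inString) {
    var s = Replace(inString, "<", "&lt;", "all");
    s = Replace(s, "&", "&amp;", "all");
    return s;
}

// Hypothetical helper: put an already-escaped value into an attribute and
// into element content, parse it, and return what the parser reads back.
function roundTrip(escaped) {
    var doc = XmlParse('<myRoot><abc parm1="' & escaped & '">' & escaped & '</abc></myRoot>');
    var result = StructNew();
    result.attr = doc.myRoot.abc.XmlAttributes.parm1;
    result.text = doc.myRoot.abc.XmlText;
    return result;
}

viaUdf     = roundTrip(xmlEscapeExample(sample));
viaBuiltin = roundTrip(XmlFormat(sample));

// Compare() is case-sensitive and returns 0 when the strings are identical.
WriteOutput("UDF attribute intact: " & YesNoFormat(Compare(viaUdf.attr, sample) eq 0) & "<br>");
WriteOutput("UDF text intact: " & YesNoFormat(Compare(viaUdf.text, sample) eq 0) & "<br>");
WriteOutput("XmlFormat attribute intact: " & YesNoFormat(Compare(viaBuiltin.attr, sample) eq 0) & "<br>");
WriteOutput("XmlFormat text intact: " & YesNoFormat(Compare(viaBuiltin.text, sample) eq 0) & "<br>");

// HTMLEditFormat makes the double-escaped entity visible in a browser.
WriteOutput("Ampersand escaped last: " & HTMLEditFormat(xmlEscapeAmpLast("a < b")));
</cfscript>
```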