
C#: Sanitize XML text values with XmlTextWriter?

I'm using XmlTextWriter to serialize and persist some of my data. Several of the fields I serialize are based on user input (e.g. Username). Today I use the WriteElementString method of XmlTextWriter.

My question is: the second parameter of WriteElementString is the text value to be written. How can I sanitize it prior to writing?

An example code:

XmlTextWriter writer = new XmlTextWriter("filename.xml", null);

writer.WriteStartElement("User");
writer.WriteElementString("Username", inputUserName);
writer.WriteElementString("Email", inputEmail);
writer.WriteEndElement();

writer.Close();

The variables inputUserName and inputEmail are user-input, and I would like to sanitize/escape them prior to writing.

What's the best way to achieve this?

What exactly do you need to escape there? WriteElementString will do all escaping needed by XML already (i.e. & -> &amp;, < -> &lt;, etc.).

You could save these values as CDATA; that will be the safest you can do with XML.

Beforehand, you should check the values via RegEx or any other validation.
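An added example, not code from any of the posts above: it writes a constructed hostile username through WriteElementString, parses the result back to confirm the markup stayed text, and rejects characters that XML 1.0 does not allow at all. The WriteUser helper and all input values are made up for illustration.

```csharp
using System;
using System.IO;
using System.Xml;

class Program
{
    // Hypothetical helper: serialize one user record to a string with XmlTextWriter.
    static string WriteUser(string userName, string email)
    {
        // XML 1.0 forbids most control characters even as character references,
        // so escaping cannot help; VerifyXmlChars throws XmlException on them.
        XmlConvert.VerifyXmlChars(userName);
        XmlConvert.VerifyXmlChars(email);

        var sw = new StringWriter();
        using (var writer = new XmlTextWriter(sw))
        {
            writer.WriteStartElement("User");
            // WriteElementString escapes markup characters such as < and &.
            writer.WriteElementString("Username", userName);
            writer.WriteElementString("Email", email);
            writer.WriteEndElement();
        }
        return sw.ToString();
    }

    static void Main()
    {
        // Constructed input that tries to close <Username> and add an element.
        string hostile = "bob</Username><Role>admin</Role><Username>x";
        string xml = WriteUser(hostile, "bob@example.com & co");
        Console.WriteLine(xml);

        // Parse it back: the value round-trips as text and no <Role> element exists.
        var doc = new XmlDocument();
        doc.LoadXml(xml);
        Console.WriteLine(doc.SelectSingleNode("/User/Username").InnerText == hostile);
        Console.WriteLine(doc.SelectNodes("//Role").Count);

        // Constructed input with a control character that is illegal in XML 1.0.
        try { WriteUser("bob\u0001", "bob@example.com"); }
        catch (XmlException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

Escaping only guarantees well-formed XML; whether a value is an acceptable username or e-mail address is a separate validation step for the application.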
