python xml security escaping

Escaping strings for use in XML


I'm using Python's xml.dom.minidom to create an XML document. (Logical structure -> XML string, not the other way around.)

How do I make it escape the strings I provide so they won't be able to mess up the XML?


Solution

  • Do you mean you do something like this:

    from xml.dom.minidom import Text, Element
    
    t = Text()
    e = Element('p')
    
    t.data = '<bar><a/><baz spam="eggs"> & blabla &entity;</>'
    e.appendChild(t)
    

    Then you will get a nicely escaped XML string:

    >>> e.toxml()
    '<p>&lt;bar&gt;&lt;a/&gt;&lt;baz spam=&quot;eggs&quot;&gt; &amp; blabla &amp;entity;&lt;/&gt;</p>'
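
The same escaping, checked by a round trip, as an added example that is not part of the original answer: a value pasted into markup by string formatting changes the document structure, while the same value set through the DOM comes back unchanged as text and as an attribute value. The element names, the `UNTRUSTED` sample and the helper function names are assumptions made for illustration.

```python
from xml.dom.minidom import Document, parseString

# Constructed sample input: a value that contains markup and quotes.
UNTRUSTED = 'a</name><name title="x">b'


def build_by_concat(value):
    """'Before' form: the value is pasted into the markup verbatim."""
    return f'<user><name>{value}</name></user>'


def build_with_dom(value):
    """Build the same structure as DOM nodes; toxml() escapes on output."""
    doc = Document()
    user = doc.createElement('user')
    doc.appendChild(user)
    name = doc.createElement('name')
    name.setAttribute('title', value)             # attribute-value context
    name.appendChild(doc.createTextNode(value))   # text context
    user.appendChild(name)
    return user.toxml()


def name_elements(xml):
    """Parse serialized XML back and return its <name> elements."""
    return parseString(xml).getElementsByTagName('name')


def text_of(element):
    """Concatenate the data of all child nodes of an element."""
    return ''.join(node.data for node in element.childNodes)


if __name__ == '__main__':
    print(build_by_concat(UNTRUSTED))   # value became extra markup
    print(build_with_dom(UNTRUSTED))    # value stayed data
    print(len(name_elements(build_by_concat(UNTRUSTED))),
          len(name_elements(build_with_dom(UNTRUSTED))))
```

The serializer only escapes markup characters; it does not reject characters that XML 1.0 forbids (NUL, for example), so strip or validate those before creating the node.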