2

My question is similar to Why are "control" characters illegal in XML 1.0? - however I'm looking for a solution to the problem below, rather than why the XML spec disallows control characters in XML.

I have a servlet, which prints a String containing an XML upon user request. One particular element contains a CDATA section which is required to contain some user input text.

Now it so happens that in one particular case, our user input contains the character U+0001 (a control character). And even though I specify the charset as UTF-8, the servlet throws an error:

Error: not well-formed
Location: 

<![CDATA[

Is there a way I can process the Java String to make it "XML safe" ? Particularly, to make it safe when put in the CDATA section?

I hope my question is clear!

Thanks in advance, Raj

Community
  • 1
  • 1
ragebiswas
  • 3,818
  • 9
  • 38
  • 39

1 Answers1

2

The only conforming way to make this XML-safe is to add your own encoding.

You can do one of those two (for example):

  • Store all data as textual data and replace all forbidden characters with some unicode-escape mechanism (other than the one defined in XML itself!). For example you could use the one used by Java: \u0001 for U+0001. or
  • store the data as binary data and use base64Binary of hexBinary to store your data in XML.

Both of those approaches need explicit support in both the consumer and the producer. The second approach has the advantage of using well-defined data types with wide support, but if your content is actually text, you need to specify (or communicate) the encoding used in the byte stream (a necessity that is otherwise negated by XML itself).

If removing all non-transferable characters would be appropriate, then this regex should do the trick:

Pattern XML_INVALID_CHARS = Pattern.compile("[^\u0009\n\r\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF ]+");
String xmlSafe = XML_INVALID_CHARS.matcher(input).replaceAll("");

Note that the spec suggests that document authors be even more restrictive with the set of characters allowed in a note. That regex would be a bit longer.

Joachim Sauer
  • 302,674
  • 57
  • 556
  • 614
  • Thanks for the quick response Sauer. I was hoping there would be some thirdparty API that takes a String and returns a String with the non XML-safe characters wiped out. Sigh! – ragebiswas Jun 27 '11 at 08:29
  • @Raj: so simply removing the offending characters would be acceptable? That might be much easier ... – Joachim Sauer Jun 27 '11 at 08:30
  • Sauer, yes that would be better for me. But I don't want to remove control characters such as spaces and newlines. – ragebiswas Jun 27 '11 at 09:03