xmlFormat and Microsoft's Funky Characters

Did you know that xmlFormat, which is supposed to make a string safe for XML, doesn’t always work? Specifically it will ignore the funky Microsoft Word characters like smart quotes. If you are delivering dynamic content via XML, you cannot rely on xmlFormat alone. This is what I’m using now in toXML:

<cffunction name="safeText" returnType="string" access="private" output="false"> <cfargument name="txt" type="string" required="true">

&lt;cfset arguments.txt = replaceList(arguments.txt,chr(8216) & "," & chr(8217) & "," & chr(8220) & "," & chr(8221) & "," & chr(8212) & "," & chr(8213) & "," & chr(8230),"',',"","",--,--,...")&gt;
&lt;cfreturn xmlFormat(arguments.txt)&gt; &lt;/cffunction&gt; </code>

The replaceList comes from Nathan Dintenfas’ SafeText UDF. toXML, in case you don’t remember, is a simple CFC that converts native ColdFusion datatypes to XML. Very useful for handing data to Spry.

Raymond Camden's Picture

About Raymond Camden

Raymond is a developer advocate. He focuses on JavaScript, serverless and enterprise cat demos. If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support. You can even buy me a coffee!

Lafayette, LA https://www.raymondcamden.com

Comments