I have a SOAP web service written in java communicating via XML-utf-8.
My produced xml’s attributes values should contain html and/or normal text with extra characters, so is that a good practise/or needed for safety to have my xml values encoded before I start constructing my xml?
something like this for every value in my entity classes? or another opinion?
String encodedString = URLEncoder.encode(s, "UTF-8");
and for the client:
ByteArrayInputStream stream = new ByteArrayInputStream(
response.getBytes("UTF-8"));
SAXBuilder builder = new SAXBuilder();
Document doc = builder.build(stream);
It entirely depends on what you are using to create the XML:
If you are creating a DOM and serializing it, then you don’t need to encode attribute values beforehand.
If you are using a web services framework or XStream or something like that, then you probably don’t need to encode attribute values beforehand.
If you are creating the XML by concatenating Strings, then you DO need to encode the attributes.
“Good practice” doesn’t come into it. If you need to do it, you do it. Otherwise you must not do it.
The same arguments apply when you come to read / parse the XML at the other end.
The bottom line is that there is no general answer. You need to understand the specific requirements of the middleware technology that you are using. The javadocs and other API documentation / tutorials are the first place to look for answers.