Home/ Questions/Q 6733705
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T10:48:04+00:00

In JavaScript (server side NodeJS) I’m writing a program which generates XML as output.

  • 0

In JavaScript (server side NodeJS) I’m writing a program which generates XML as output.

I am building the XML by concatenating a string:

str += '<' + key + '>';
str += value;
str += '</' + key + '>';

The problem is: what if value contains characters like '&', '>' or '<'?
What’s the best way to escape those characters?

or is there any JavaScript library around which can escape XML entities?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    HTML encoding is simply replacing &, ", ', < and > chars with their entity equivalents. Order matters, if you don’t replace the & chars first, you’ll double encode some of the entities:

    if (!String.prototype.encodeHTML) {
  String.prototype.encodeHTML = function () {
    return this.replace(/&/g, '&amp;')
               .replace(/</g, '&lt;')
               .replace(/>/g, '&gt;')
               .replace(/"/g, '&quot;')
               .replace(/'/g, '&apos;');
  };
}

    As @Johan B.W. de Vries pointed out, this will have issues with the tag names, I would like to clarify that I made the assumption that this was being used for the value only

    Conversely if you want to decode HTML entities1, make sure you decode &amp; to & after everything else so that you don’t double decode any entities:

    if (!String.prototype.decodeHTML) {
  String.prototype.decodeHTML = function () {
    return this.replace(/&apos;/g, "'")
               .replace(/&quot;/g, '"')
               .replace(/&gt;/g, '>')
               .replace(/&lt;/g, '<')
               .replace(/&amp;/g, '&');
  };
}

    1 just the basics, not including &copy; to © or other such things

    As far as libraries are concerned. Underscore.js (or Lodash if you prefer) provides an _.escape method to perform this functionality.

    • 0