当前位置 : 首页 » 互动问答 » 正文

Invalid Characters in XML

分类 : 互动问答 | 发布时间 : 2009-04-08 21:55:40 | 评论 : 14 | 浏览 : 506611 | 喜欢 : 177

I am working with some XML at the moment.

I have nodes that hold strings like below:

<node>This is a string</node>

Some of the strings that I am passing to the nodes will have characters like &, #, $ etc.

<node>This is a string & so is this</node>

This is not valid due to the &

I cannot wrap these strings in CDATA as they need to be as they are. I have tried looking online for a list of characters that cannot be put in XML nodes without being in a CDATA.

Could anyone point me in the direction of one or provide me with a list of illegal characters?

回答(14)

  • 1楼
  • The list of valid characters is in the XML specification:

    Char       ::=      #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]  /* any Unicode character, excluding the surrogate blocks, FFFE, and FFFF. */
    
  • 2楼
  • OK, let's separate the question of (1) the characters that aren't valid at all in any XML document, and (2) the characters that need to be escaped:

    The answer provided by @dolmen Invalid Characters in XML is still valid but needs to be updated with the XML 1.1 specification.

    1. Invalid characters

    The characters described here are all the characters that are allowed to be inserted in an XML document.

    1.1. In XML 1.0

    The global list of allowed characters is:

    [2] Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF] /* any Unicode character, excluding the surrogate blocks, FFFE, and FFFF. */

    Basically, the control characters and characters out of the Unicode ranges are not allowed. This means also that calling for example the character entity &#x3; is forbidden.

    1.2. In XML 1.1

    The global list of allowed characters is:

    [2] Char ::= [#x1-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF] /* any Unicode character, excluding the surrogate blocks, FFFE, and FFFF. */

    [2a] RestrictedChar ::= [#x1-#x8] | [#xB-#xC] | [#xE-#x1F] | [#x7F-#x84] | [#x86-#x9F]

    This revision of the XML recommendation has extended the allowed characters so control characters are allowed, and takes into account a new revision of the Unicode standard, but these ones are still not allowed : NUL (x00), xFFFE, xFFFF...

    However, the use of control characters and undefined Unicode char is discouraged.

    It can also be noticed that all parsers do not always take this into account and XML documents with control characters may be rejected.

    2. Characters that need to be escaped (to obtain a well-formed document):

    The < must be escaped with a &lt; entity, since it is assumed to be the beginning of a tag.

    The & must be escaped with a &amp; entity, since it is assumed to be the beginning a entity reference

    The > should be escaped with &gt; entity. It is not mandatory -- it depends on the context -- but it is strongly advised to escape it.

    The ' should be escaped with a &apos; entity -- mandatory in attributes defined within single quotes but it is strongly advised to always escape it.

    The " should be escaped with a &quot; entity -- mandatory in attributes defined within double quotes but it is strongly advised to always escape it.

  • 3楼
  • The only illegal characters are &, < and > (as well as " or ' in attributes).

    They're escaped using XML entities, in this case you want &amp; for &.

    Really, though, you should use a tool or library that writes XML for you and abstracts this kind of thing away for you so you don't have to worry about it.

  • 4楼
  • This is a C# code to remove the XML invalid characters from a string and return a new valid string.

    public static string CleanInvalidXmlChars(string text) 
    { 
        // From xml spec valid chars: 
        // #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]     
        // any Unicode character, excluding the surrogate blocks, FFFE, and FFFF. 
        string re = @"[^\x09\x0A\x0D\x20-\uD7FF\uE000-\uFFFD\u10000-\u10FFFF]"; 
        return Regex.Replace(text, re, ""); 
    }
    
  • 6楼
  • Another easy way to escape potentially unwanted XML / XHTML chars in C# is:

    WebUtility.HtmlEncode(stringWithStrangeChars)
    
  • 7楼
  • In addition to potame's answer, if you do want to escape using a CDATA block.

    If you put your text in a CDATA block then you don't need to use escaping. In that case you can use all characters in the following range:

    graphical representation of possible characters

    Note: On top of that, you're not allowed to use the ]]> character sequence. Because it would match the end of the CDATA block.

    If there are still invalid characters (e.g. control characters), then probably it's better to use some kind of encoding (e.g. base64).

  • 8楼
  • This answer worked for me

    string code = Regex.Replace(item.Code, @"[\u0000-\u0008,\u000B,\u000C,\u000E-\u001F]", "");
    

    Details in this link to Blog

  • 9楼
  • For Java folks, Apache has a utility class (StringEscapeUtils) that has a helper method escapeXml which can be used for escaping characters in a string using XML entities.

  • 10楼
  • In Woodstox XML processor, invalid characters are classified by this code

    if (c == 0) {
        throw new IOException("Invalid null character in text to output");
    }
    if (c < ' ' || (c >= 0x7F && c <= 0x9F)) {
        String msg = "Invalid white space character (0x" + Integer.toHexString(c) + ") in text to output";
        if (mXml11) {
            msg += " (can only be output using character entity)";
        }
        throw new IOException(msg);
    }
    if (c > 0x10FFFF) {
        throw new IOException("Illegal unicode character point (0x" + Integer.toHexString(c) + ") to output; max is 0x10FFFF as per RFC");
    }
    /*
     * Surrogate pair in non-quotable (not text or attribute value) content, and non-unicode encoding (ISO-8859-x,
     * Ascii)?
     */
    if (c >= SURR1_FIRST && c <= SURR2_LAST) {
        throw new IOException("Illegal surrogate pair -- can only be output via character entities, which are not allowed in this content");
    }
    throw new IOException("Invalid XML character (0x"+Integer.toHexString(c)+") in text to output");
    

    Source from here

  • 11楼
  • Another way to remove incorrect XML chars in C# with using XmlConvert.IsXmlChar Method (Available since .NET Framework 4.0)

    public static string RemoveInvalidXmlChars(string content)
    {
       return new string(content.Where(ch => System.Xml.XmlConvert.IsXmlChar(ch)).ToArray());
    }
    

    or you may check that all characters are XML-valid.

    public static bool CheckValidXmlChars(string content)
    {
       return content.All(ch => System.Xml.XmlConvert.IsXmlChar(ch));
    }
    

    .Net Fiddle - https://dotnetfiddle.net/v1TNus

    For example, the vertical tab symbol (\v) is not valid for XML, it is valid UTF-8, but not valid XML 1.0, and even many libraries (including libxml2) miss it and silently output invalid XML.

  • 12楼
  • ampersand (&) is escaped to &amp;
    
    double quotes (") are escaped to &quot;
    
    single quotes (') are escaped to &apos; 
    
    less than (<) is escaped to &lt; 
    
    greater than (>) is escaped to &gt;
    

    In C#, use System.Security.SecurityElement.Escape or System.Net.WebUtility.HtmlEncode to escape these illegal characters.

    string xml = "<node>it's my \"node\" & i like it 0x12 x09 x0A  0x09 0x0A <node>";
    string encodedXml1 = System.Security.SecurityElement.Escape(xml);
    string encodedXml2= System.Net.WebUtility.HtmlEncode(xml);
    
    
    encodedXml1
    "&lt;node&gt;it&apos;s my &quot;node&quot; &amp; i like it 0x12 x09 x0A  0x09 0x0A &lt;node&gt;"
    
    encodedXml2
    "&lt;node&gt;it&#39;s my &quot;node&quot; &amp; i like it 0x12 x09 x0A  0x09 0x0A &lt;node&gt;"
    
  • 13楼
  • Anyone tried this System.Security.SecurityElement.Escape(yourstring)? This will replaces invalid XML characters in a string with their valid equivalent

  • 14楼
  • For XSL (on really lazy days) I use:

    capture="&amp;(?!amp;)" capturereplace="&amp;amp;"
    

    to translate all &-signs that aren't follwed på amp; to proper ones.

    We have cases where the input is in CDATA but the system which uses the XML doesn't take it into account. It's a sloppy fix, beware...

相关阅读:

InflateException: Binary XML file line #1: Error inflating class <unknown> caused by OutOfMemoryError

How do I comment out a block of tags in XML?

Text editor to open big (giant, huge, large) text files

XML Schema (XSD) validation tool?

Getting specified Node values from XML document

What does <![CDATA[]]> in XML mean?

How do I parse XML in Python?

How To Auto-Format / Indent XML/HTML in Notepad++

What characters do I need to escape in XML documents?

How do I escape ampersands in XML so they are rendered as entities in HTML?