In JavaScript (server-side Node.js), I'm writing a program which generates XML as output.
I am building the XML by concatenating a string:
str += '&l
Technically, &, < and > aren't valid XML entity name characters. If you can't trust the key variable, you should filter them out.
If you want them escaped as HTML entities, you could use something like http://www.strictly-software.com/htmlencode.
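One way to apply the advice in the answer above, as an added example that is not part of the original post: it assumes `key` is used as an element name, rejects keys outside a conservative ASCII subset of XML names instead of trying to repair them, and escapes the values. The function names and the sample record are hypothetical.

```javascript
// Conservative ASCII subset of the XML 1.0 Name production: a letter or
// underscore first, then letters, digits, '.', '-' or '_'. Colons are left
// out on purpose so untrusted keys cannot introduce namespace prefixes.
const XML_NAME = /^[A-Za-z_][A-Za-z0-9._-]*$/;
// Names beginning with "xml" (any case) are reserved by the XML specification.
const RESERVED_PREFIX = /^xml/i;

function isSafeXmlName(key) {
  return typeof key === 'string' && XML_NAME.test(key) && !RESERVED_PREFIX.test(key);
}

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;' };

// Escape the five predefined XML entities and drop characters XML 1.0 forbids
// even when escaped (C0 controls other than tab, LF, CR; U+FFFE and U+FFFF).
function escapeXml(value) {
  return String(value)
    .replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\uFFFE\uFFFF]/g, '')
    .replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Build <key>value</key>; an untrusted key that is not a safe name is rejected.
function element(key, value) {
  if (!isSafeXmlName(key)) {
    throw new TypeError('rejected element name: ' + JSON.stringify(key));
  }
  return '<' + key + '>' + escapeXml(value) + '</' + key + '>';
}

// Same string-concatenation style as the question, with both checks applied.
function toXml(rootName, record) {
  if (!isSafeXmlName(rootName)) {
    throw new TypeError('rejected root name: ' + JSON.stringify(rootName));
  }
  let str = '<' + rootName + '>';
  for (const [key, value] of Object.entries(record)) {
    str += element(key, value);
  }
  return str + '</' + rootName + '>';
}

// Constructed sample input: the value tries to close its own tag.
console.log(toXml('user', { name: "O'Brien", note: '</note><admin>1</admin>' }));
```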