Skip to main content

Module xml_escape

Module xml_escape 

Source
Expand description

XML character escaping helpers.

escape_text and escape_attr are intentionally separate even though both currently delegate to quick_xml::escape::escape (which handles all five XML special characters). Keeping them distinct lets callers communicate intent, and leaves room to differentiate behaviour in the future (e.g. skipping " / ' in text-only contexts for smaller output).

§Decision: detail escaping

SoapFault::detail is always treated as plain text in this codebase. All call sites in soap-server construct detail from internal error messages or static strings; none embed pre-formed XML markup. Therefore detail content is escaped with escape_text just like reason. If a future caller needs to embed literal XML in a fault detail element it must construct a SoapFault whose detail field already contains the correct escaped representation, or it must supply the literal XML via a wrapper element and bypass this helper.

Functions§

escape_attr
Escape a string for use in an XML attribute value (&, <, >, ", ').
escape_text
Escape a string for use in XML text content (&, <, >, ", ').