
Tip: Assembling XML with String Operations

See why it's best to not assemble XML with string operations.





String name = …

String attribute = …

String xml = "<root>" + "<name attribute=\"" + attribute + "\">" + name + "</name>" + "</root>";

Many beginners are tempted to create XML like the snippet above using String operations because it is easier, but this approach does not escape reserved characters. If either variable, name or attribute, contains any of the reserved characters <, >, &, " or ', the result will be invalid.

The solution is to assemble the XML as a DOM tree, using the JDOM library, like this:

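// JDOM 2 classes: org.jdom2.Document, org.jdom2.Element, org.jdom2.output.Format, org.jdom2.output.XMLOutputter (org.jdom.* in JDOM 1.x)
Element root = new Element("root");
Element nameElement = new Element("name");
nameElement.setAttribute("attribute", attribute); // attribute value is escaped on output
nameElement.setText(name);                        // text content is escaped on output
root.addContent(nameElement);

Document doc = new Document(root);

XMLOutputter out = new XMLOutputter(Format.getPrettyFormat());
String xml = out.outputString(doc);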
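The difference the tip describes, as an added example that is not from the original tip: it uses the JDK's built-in DOM and Transformer classes instead of JDOM so it runs without extra libraries, and the class name, helper names and sample values are constructed for illustration. Beyond the invalid-output case, the second sample shows concatenated output that stays well-formed but contains an element the code never meant to create.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

// Added illustration: the JDK's DOM API stands in for JDOM; all names are hypothetical.
public class XmlAssemblyDemo {
    // The tip's string concatenation: values are inserted verbatim.
    static String concat(String name, String attribute) {
        return "<root><name attribute=\"" + attribute + "\">" + name + "</name></root>";
    }
    // DOM assembly: the serializer escapes reserved characters on output.
    static String viaDom(String name, String attribute) throws Exception {
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        Element root = doc.createElement("root");
        Element nameEl = doc.createElement("name");
        nameEl.setAttribute("attribute", attribute);
        nameEl.setTextContent(name);
        root.appendChild(nameEl);
        doc.appendChild(root);
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter w = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(w));
        return w.toString();
    }
    // Re-parse the output; report a parse failure or the number of <name> elements.
    static String check(String xml) {
        try {
            Document d = DocumentBuilderFactory.newInstance().newDocumentBuilder()
                    .parse(new InputSource(new StringReader(xml)));
            return d.getElementsByTagName("name").getLength() + " <name> element(s)";
        } catch (Exception e) {
            return "not well-formed";
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed inputs: reserved characters, then markup inside the name value.
        String[][] samples = {{"Tom & Jerry", "a\"b"}, {"x</name><name attribute=\"extra\">y", "k"}};
        for (String[] s : samples)
            System.out.println(check(concat(s[0], s[1])) + " vs " + check(viaDom(s[0], s[1])));
    }
}
```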

