I am currently working on a solution to store user-input in an XML document using client-side JavaScript and then transmit it to the server for persistence.
One specific issue that I encountered was when a user input text containing an STX character (0x2), which caused problems with serialization. The XMLSerializer did not escape the STX character properly, resulting in invalid XML output. It is possible that the .attr() call should have handled the escaping, but regardless, incorrect XML was generated.
I have noticed inconsistencies with the output of XMLSerializer() in the browser, as it does not consistently produce well-formed XML that would satisfy even the browser's DOMParser().
A concrete example illustrating the problem with encoding the STX character can be seen below:
> doc = $.parseXML('<?xml version="1.0" encoding="utf-8" ?>\n<elem></elem>');
#document
> $(doc).find("elem").attr("someattr", String.fromCharCode(0x2));
[ <elem someattr=""></elem> ]
> serializedDoc = new XMLSerializer().serializeToString(doc);
"<?xml version="1.0" encoding="utf-8"?><elem someattr=""/></elem>"
> $.parseXML(serializedDoc);
Error: Invalid XML: <?xml version="1.0" encoding="utf-8"?><elem someattr=""/></elem>
I need guidance on how to create an XML document in the browser, where parameters are determined by user input, ensuring that it will always be well-formed with proper escaping. Note that support for IE8 or IE7 is not required.
(While I do validate the XML on the server side, if the browser sends a document that is not well-formed, the server can only reject it, which is not ideal for the user).