Sometimes you want to escape something without using a DOM instance. This
method escapes a String value so that it may be written as the value of
an XML attribute in a manner that is also compatible with HTML. Note that
the best solution is to use a DOM instance, which will automatically
escape attribute values and PCDATA as they are inserted into the DOM
instance.
The following notes are excerpted from the HTML and XML specifications:
- HTML: By default, SGML requires that all attribute values be
delimited using either double quotation marks (ASCII decimal 34) or
single quotation marks (ASCII decimal 39). Single quote marks can be
included within the attribute value when the value is delimited by double
quote marks, and vice versa. Authors may also use numeric character
references to represent double quotes (&#34;) and single quotes (&#39;).
For double quotes authors can also use the character entity reference
&quot;.
In certain cases, authors may specify the value of an attribute without
any quotation marks. The attribute value may only contain letters (a-z
and A-Z), digits (0-9), hyphens (ASCII decimal 45), periods (ASCII
decimal 46), underscores (ASCII decimal 95), and colons (ASCII decimal
58). We recommend using quotation marks even when it is possible to
eliminate them.
- XML: The ampersand character (&) and the left angle bracket (<) may
appear in their literal form only when used as markup delimiters, or
within a comment, a processing instruction, or a CDATA section. If they
are needed elsewhere, they must be escaped using either numeric character
references or the strings "&amp;" and "&lt;" respectively. The right
angle bracket (>) may be represented using the string "&gt;", and must,
for compatibility, be escaped using "&gt;" or a character reference when
it appears in the string "]]>" in content, when that string is not
marking the end of a CDATA section.
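
One way to implement the escaping rules quoted above, as an added example (not the method this page documents; the class name AttributeEscaper and the method name escapeAttribute are hypothetical). It goes slightly beyond the notes by also encoding tab, line feed and carriage return, which XML parsers otherwise normalize to spaces inside attribute values.

```java
public class AttributeEscaper {

    /**
     * Escapes a value so it can be written between quotation marks as an
     * XML attribute value that HTML parsers also accept.
     * Hypothetical helper for illustration only.
     */
    public static String escapeAttribute(String value) {
        if (value == null) {
            return ""; // assumption: treat a missing value as an empty attribute
        }
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break; // must come out escaped in XML
                case '<':  sb.append("&lt;");   break; // must come out escaped in XML
                case '>':  sb.append("&gt;");   break; // covers the "]]>" case
                case '"':  sb.append("&quot;"); break; // safe inside "..." delimiters
                // Numeric reference: &apos; is defined by XML but not by HTML 4.
                case '\'': sb.append("&#39;");  break; // safe inside '...' delimiters
                // Literal tab/LF/CR would be normalized to spaces by an XML
                // parser; character references preserve them.
                case '\t': sb.append("&#9;");   break;
                case '\n': sb.append("&#10;");  break;
                case '\r': sb.append("&#13;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs, including one that would otherwise
        // close the attribute early and start a new one.
        String[] samples = {
            "Tom & Jerry",
            "x\" class=\"injected",
            "it's <b>bold</b>",
            "a]]>b",
            "line1\nline2"
        };
        for (String s : samples) {
            // Always emit the delimiting quotes; unquoted values are not covered.
            System.out.println("<input value=\"" + escapeAttribute(s) + "\"/>");
        }
    }
}
```

The second sample is written out as `value="x&quot; class=&quot;injected"`, so the embedded quote stays inside the attribute value instead of ending it.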