xml addattribute escaping &

Question

I am escaping a string to match another string.

Using javascript

function escapeCode()
{
     var a = RequestIsland.XMLDocument.firstChild;
     var lineItems = a.selectNodes( "//a/p" );
     while ( (lineItem = lineItems.nextNode()) != null )
     {      
        var text = lineItem.getAttribute("c");
        alert(text);
        text = escapeXML(text);
        lineItem.setAttribute("c",text);
        alert(text);
        alert(lineItem.xml);
     }
}

using string "car's & trucks"

I get

"car's & trucks" 
"car's & trucks" 
"car's & trucks"

Somehow when the text goes into the attribute it is escaping the & again.

Anyone know why this is happening and how to stop it?

This works if the & is not in the string.

Answer 1

Well, as you note in a comment, the text is not being re-escaped when it is stored into the attribute. I think what you're seeing is that the ".xml" accessor is giving you back what some actual XML markup would have to look like in order for you to end up with an attribute value like that.

If you think about the markup itself, for your original unescaped string you'd need to do this in order for it to be valid XML:

<tag c='car&apos;s &amp; trucks'>

In other words, if you were to not quote the ampersand and apostrophe, the markup would be invalid. Your code as written is trying to update the attribute value to be the string including the escape sequences.

When setting attribute values from JavaScript, there's no need to escape special XML meta-characters. It's only important when you're preparing actual XML markup to be handed to an XML parser. Once you're messing with the DOM in JavaScript, the XML has already been parsed.

Answer 2

Escaping is something that happens automatically when the DOM tree is serialized as lexical XML. If you escape a string before adding it to the DOM tree, then it's going to end up doubly-escaped, as you have discovered.