Encodes a string for safe output within an XML attribute to prevent Cross Site Scripting attacks. Use encodeForXML when outputting a variable inside a XML tag body.

encodeForXMLAttribute(string [,canonicalize]); → returns string

Argument Reference

string string

The string to encode.

canonicalize boolean
Default: false

If set to true, canonicalization happens before encoding. If set to false, the given input string will just be encoded.
When this parameter is not specified, canonicalization will not happen. By default, when canonicalization is performed, both mixed and multiple encodings will be allowed.
To use any other combinations you should canonicalize using canonicalize method and then do encoding.

Sample code invoking the encodeForXMLAttribute function

Encodes the single quote into an XML entity.

encodeForXMLAttribute("It's for use in attribute values")

Expected Result: It's for use in attribute values

Fork me on GitHub