org.w3c.dom.Node.setNodeValue() not encoding certain special characters

Using Java, I set the value of a <value> attribute in an xml file to be

String val = "~!@#$%^&*()_+-={}|[]\\:\";'<>?,./;"

When I tried to use the api with input

org.w3c.dom.Node.setNodeValue(val)

and take a look at the xml, I see that the value attribute in the resulting xml looks this way-

<Value>~!@#$%^&amp;*()_+-={}|[]\:";'&lt;>?,./</Value>

I'm trying to figure out why this third party API is encoding only < and &, but not >, ' or ".

Jon Skeet
people
quotationmark

It's simply because it doesn't need to escape >, ' or ".

The quotes would only need to be encoded in an attribute which was opened with the same kind of quote (so foo="single'quote" or bar='double"quote' is fine) and the closing angle bracket doesn't need to be encoded either, as it doesn't have any meaning when you're not potentially closing the element.

It would be entirely valid for it to encode them anyway - but not doing so is valid too.

people

See more on this question at Stackoverflow