Which characters are Invalid (unless encoded) in an XML attribute?

xml xml-serialization
Euro Micelli picture Euro Micelli · May 15, 2009 · Viewed 39.9k times · Source

I can't believe I can't find this information easily accessible, so:

1) Which characters cannot be incorporated in an XML attribute without entity-encoding them?

Obviously, you need to encode quotes. What about < and >? What else?

2) Where exactly is the official list?

Answer

great_llama picture great_llama · May 15, 2009

Here is the definition of what is allowed in an attribute value.

'"' ([^<&"] | Reference)* '"'  |  "'" ([^<&'] | Reference)* "'"

So, you can't have:

  • the same character that opens/closes the attribute value (either ' or ")
  • a naked ampersand (& must be &amp;)
  • a left angle bracket (< must be &lt;)

You should also not being using any characters that are outright not legal anywhere in an XML document (such as form feeds, etc).

Related questions

Convert XML String to Object

I am receiving XML strings over a socket, and would like to convert these to C# objects. The messages are of the form: <msg> <id>1</id> <action>stop</action> </…

Read More
Using StringWriter for XML Serialization

I'm currently searching for an easy way to serialize objects (in C# 3). I googled some examples and came up with something like: MemoryStream memoryStream = new MemoryStream ( ); XmlSerializer xs = new XmlSerializer ( typeof ( MyObject) ); XmlTextWriter xmlTextWriter = new XmlTextWriter ( memoryStream, Encoding.UTF8 ); xs.…

Read More
Serializing an object as UTF-8 XML in .NET

Proper object disposal removed for brevity but I'm shocked if this is the simplest way to encode an object as UTF-8 in memory. There has to be an easier way doesn't there? var serializer = new XmlSerializer(typeof(SomeSerializableObject)); var memoryStream = …

Read More