Function escapeXml

escapeXml(text: string): string
Escapes special XML characters in text content to ensure valid XML output.

This function replaces the five XML special characters with their corresponding entity references to prevent XML parsing errors and potential security issues like XML injection attacks. The order of replacements is critical - ampersand must be replaced first to avoid double-escaping entity references.

The five XML entities that must be escaped are:
- & (ampersand) becomes &
- < (less than) becomes <
- > (greater than) becomes >
- " (double quote) becomes "
- ' (single quote/apostrophe) becomes '
This function is essential when inserting user-provided or dynamic content into SSML documents to ensure the XML remains well-formed and secure.
Parameters
- text: string
  The text content to escape
Returns string
The text with all XML special characters properly escaped
Example
```
// Basic escaping
escapeXml('Hello & goodbye');
// Returns: 'Hello &amp; goodbye'

// Escaping all special characters
escapeXml('Price < \$10 & > \$5');
// Returns: 'Price &lt; \$10 &amp; &gt; \$5'

// Escaping quotes in text
escapeXml('She said "Hello" and I\'m happy');
// Returns: 'She said &quot;Hello&quot; and I&apos;m happy'

// Preventing XML injection
escapeXml('</voice><voice name="malicious">Evil text');
// Returns: '&lt;/voice&gt;&lt;voice name=&quot;malicious&quot;&gt;Evil text'

// Safe for use in SSML
const userInput = 'Tom & Jerry <script>alert("XSS")</script>';
const safeText = escapeXml(userInput);
const ssml = `<speak><voice name="en-US-AvaNeural">${safeText}</voice></speak>`;
// Result: Valid SSML with escaped user input
```
See
- https://www.w3.org/TR/xml/#dt-escape XML Character Escaping
- https://cheatsheetseries.owasp.org/cheatsheets/XML_Security_Cheat_Sheet.html OWASP XML Security
- Defined in utils/xml.ts:62

Function escapeXml

Parameters

Returns string

Example

See

Settings