skipping ]]> in a CDATA section of xml version 1.1

Question

I am using a CDATA section but the text consists of some characters and hence it is getting closed and i am getting parsing exception.

<xyz><![CDATA[\..\..\\..\..\\..\..\\..\..\\..\..\\\boot.ini]]>&#0;</xyz>

i found the below code from some site:

// Add a CDATA section to the root element
Element element = doc.getDocumentElement();
CDATASection cdata = doc.createCDATASection("data");
element.appendChild(cdata);

// If "]]>" appears in the text, two CDATA sections will be written out
cdata = doc.createCDATASection("more]]>data");
element.appendChild(cdata);

The problem in using the above logic is i do not know which element i am reading from DB will contain "]]>" so that i can write two CDATA sections.

Need ur help on this.

Answer 1

It's a very common mistake to imagine that you can put arbitrary text in a CDATA section simply by adding <![CDATA[ at the start and ]]> at the end. You need to check first whether the data contains ]]>. If it does, the usual remedy is to split it after the first ']', so if the content is A]]>B, it gets written as <![CDATA[A]]]><![CDATA[]>B]]>.

A good way to avoid this problem is to avoid serializing the XML "by hand", and instead using a serialization library to do the job.

Answer 2

Escaping arbitrary text with CDATA sections is error prone because they cannot nest.

Use entity references to escape the text instead.

However, if you really want to use CDATA sections, this section of the Wikipedia page might help.