1

I use an XlmSerializer to serialize a dotnet object.

One property of the dotnet object is a string with this value:

"<![CDATA[<p>No Comments</p>]]>"

Once serialized to a StringWriter, all the < and > characters are converted to &lt; and &gt; including the CDATA's.

How could I stop that from happening ?

Sam
  • 13,934
  • 26
  • 108
  • 194
  • 3
    Are you saying that you want that, when it's deserialized again, the property just be `

    No Comments

    `?     – Damien_The_Unbeliever Jul 30 '14 at 07:06
  • possible duplicate of [.Net XmlSerializer: deserialize CDATA being inner text](http://stackoverflow.com/questions/397085/net-xmlserializer-deserialize-cdata-being-inner-text) – Patrick Hofman Jul 30 '14 at 07:07
  • yes, that does not matter as it will be deserialized by a third-party service that is just interested in the actual value. The CDATA is just to make sure the xml is valid. – Sam Jul 30 '14 at 07:08

1 Answers1

1

Don't put the CDATA in - that's the serializer's job. You've just told the serializer to make a valid XML out of the CDATA string. It does exactly that - after deserialization, you're still left with <![CDATA[<p>No Comments</p>]]>. That's exactly what you asked for! And more importantly, it's exactly what you want the serializer to do with the data - otherwise you'd be opening yourself to a world of hurt, because you'd need to ensure that the data is actually secure. In essence, you're performing double encoding.

Instead, just put <p>No Comments</p> there - and the serializer will handle the escaping for you, to make sure it's valid XML that actually deserializes to <p>No Comments</p>.

Luaan
  • 62,244
  • 7
  • 97
  • 116
  • Yes, I was thinking that would work. The problem is that the third-party service in charge of deserializing the xml is written in Java and I'm not aware if it will work the same way, I'll check it out. – Sam Jul 30 '14 at 07:28
  • 1
    @Sam Java should be fine with it - the ones you should fear are all those "custom implementations" in C and such by people who have no idea that XML is a bit more complex than "wrap a couple of angular brackets around it and be done with it". The question you want to ask yourself is whether the decoded data should still contain the `CDATA` or not. – Luaan Jul 30 '14 at 07:35
  • ok, I just had a chat with the people in charge of the Java service. They deserialize "by hand", LOL. Whatever, I'll just send the XML as is. – Sam Jul 30 '14 at 07:40
  • @Sam Oh boy. Good luck. I've actually had to make my own XML (and HTTP) serializer because of a scenario like that. It's not a happy path... – Luaan Jul 30 '14 at 07:43