In what context are angle brackets escaped with backslashes?

Question

Hello, a bit of unusual question - in what context are angle brackets escaped with backslashes?

I am sending an XML document (as a string xsd type) through a web service, which saves it to database, but there I see all XML's angle brackets escaped with a backslash, so I am wondering where exactly (Java XML creation using DocumentBuilder and Transformer, Web services stack, saving to database, or some other?) it gets escaped?

Example:

intended XML:

<?xml version="1.0" encoding="UTF-8"?><Params><param name="qqq">1</param></Params>

actual result:

\<?xml versionenter code here="1.0" encoding="UTF-8"?\>\<Params\>\<param name="qqq"\>1\</param\>\</Params\>

Answer 1

The left angle bracket should be escaped as the entity < (as well as any ampersand as &) that's all there is to escaping within the context of XML.

I've run into situations where angle brackets had a different meaning within the context of regular expressions and had to be escaped like shown in your question. But no conforming XML parser would look at that string and say, yeah, that's perfectly fine. Because it ain't. Those backslashes shouldn't be there unless I'm missing something.

Answer 2

Left angle bracket characters are not escaped that way in legitimate HTML or XML. In both those formats '<' characters are replaced with "<". Specifically, I would not expect a standards compliant XML builder / serializer or a webservices stack to do this.

They are not escaped that way in URLs. If you were crazy enough to embed XML in a URL, you would use "%xx" encoding.

I don't see why a DBMS would need to do this to character data that it stores.

The only common situation I can think of where you would use a '\' to escape an '<' is in some Wiki markup languages.

IMO, the most likely explanation is that this is some application-specific funkiness with the web service you are using.