I want to mention the nice feature of escaping string characters in ABAP. There is predefined function escape available with all options (HTML, XML, JS, JSON, XSS, URI, etc.) when you are using SAP_BASIS >= 731.
Function definition
Calling of the function is in this format:
escaped_string = escape( val = unescaped_string format = format )
Use cases
There are several use cases when you can use it such as:
- Encoding URL / URIs
- Escaping XML / HTML content, even HTML with Javascript
- Encoding file name in HTTP header response as described in my other blog post
Documentation
There are two nice documentation sites:
- First is standard ABAP keyword documentation where you can find well-defined escaping rules for different formats. ABAP Keyword Documentation
- Second one explains the escape function if context of cross-site scripting SAP Encoding Functions for AS ABAP - Secure Programming - SAP Library
This escape function should provide complex way in order to escape everything. I hope you enjoy it.