xmlsafe

A streaming XML writer that:

prevents accidental XML injections by requiring its arguments to implement specific traits
provides a tag! macro to structure your code (designed to play well with rustfmt)

If you forget to escape a string, your code just doesn't compile. To be safe from XML injections keep two things in mind:

Whenever you supply a string literal (&'static str), take care that it is syntactically valid for the respective context.
Whenever you implement one of the traits, take care that you fulfill its requirements.

Example

```rust use std::fmt::Error; use xmlsafe::{XmlWriter, formattext, escapetext, tag};

struct User {name: String, id: u8}

fn listusers(mut w: XmlWriter, users: Vec) -> Result<(), Error> { tag!(w, "div", "class"="users", { w.write(formattext!("There are {} users:", users.len()))?; tag!(w, "ul", { for user in users { tag!(w, "li", "data-id"=user.id, { w.write(escape_text(user.name))?; }); } }); }); Ok(()) }

fn main() { let mut out = String::new(); let users = vec![User{name: "Alice".into(), id: 3}, User{name: "Bob".into(), id: 5}]; listusers(XmlWriter::new(&mut out), users).unwrap(); asserteq!(out, "

There are 2 users:\

Alice
Bob

"); } ```

Note how the XmlWriter acts as a protective layer between the actual write target (the String in our example) and the XML generation code. Also note that if we forgot the escape_text call, the example would not compile.

Safety

xmlsafe forbids unsafe code and does not panic.