Predefined escape function in ABAP – escape your HTML / XML / JS content
I want to mention the nice feature of escaping string characters in ABAP. There is predefined function escape available with all options (HTML, XML, JS, JSON, XSS, URI, etc.) when you are using SAP_BASIS >= 731.
Calling of the function is in this format:
escaped_string = escape( val = unescaped_string format = format )
There are several use cases when you can use it such as:
- Encoding URL / URIs
- Encoding file name in HTTP header response as described in my other blog post
There are two nice documentation sites:
- First is standard ABAP keyword documentation where you can find well-defined escaping rules for different formats. ABAP Keyword Documentation
- Second one explains the escape function if context of cross-site scripting SAP Encoding Functions for AS ABAP – Secure Programming – SAP Library
This escape function should provide complex way in order to escape everything. I hope you enjoy it.