Quotes in locators are not escaped when creating xpath

[spooning]

Originally submitted to Google Code by @pekkaklarck on 2 Sep 2009

This problem was reported in the users mailing list:

http://groups.google.com/group/robotframework-users/browse_thread/thread/654389774d0ed4c2

The problem seemed to be that quotes in the original locator aren't escaped when the xpath is generated. Based on the below code from xpath_for_locator method in SeleniumLibrary/utils.py this analysis was correct:

xpath_attributes = ' or '.join(['%s="%s"' % (attr, locator) for attr 
                               in _TAGDATA[tagname]])
return  "xpath=//%s[%s]" % (tagname, xpath_attributes)

Now we only need to know what's the correct way to escape quotes. I don't really know xpath but I'd guess it's either '\"' or '"'.

Are there possibly other quoting needs? Are characters '<', '&', and '>' valid in xpath expressions? Backslash? If there's a way to escape xpath, we probably need to escape also those escape characters. What about newlines and tabs?

[spooning]

Originally submitted to Google Code by @pekkaklarck on 2 Sep 2009

Just realized that we should also escape all characters that have special meaning in xpath when constructing xpath from a locator that's not xpath itself. Otherwise, for example, clicking link with text 'Hello' matches anything containing 'Hello'.

Changing this is behavior is, however, problematic as it's backwards incompatible. For example in the mail thread I linked in the description problematic '"' was replaced with '*', and that won't work anymore if we change this.

[spooning]

Originally submitted to Google Code by @yanne on 28 Oct 2009

We decided not handle '_' in any special way. Issue 57 was created to cover documenting the current behavior.

[spooning]

Originally submitted to Google Code by @yanne on 28 Oct 2009

Implemented escaping for ", &, < and > in r 234.