Feature Request: Support for Canonical XML (C14N) Output

[RodolfoSilva]

Description

Currently, XmlBuilder is a great tool for building XML structures in Elixir. However, it lacks support for generating Canonical XML (C14N), which is a strict serialization format required by many XML-based digital signature standards such as XML-DSig, SAML, and WS-Security.

This feature would allow to generate canonicalized XML directly from Elixir, enabling secure and standards-compliant digital signatures without depending on external tools such as xmllint or xmlsec.

Use Cases

• Generating XML for digital signature workflows (e.g., XML-DSig)
• Interoperability with systems that require exact byte-level XML matching
• Integration with government and financial systems (e.g., NF-e, CT-e)
• Simplifying testing and verification of XML structures

Requirements

To support C14N, the output would need to comply with W3C Canonical XML rules:

• Attribute ordering must follow lexicographical order
• Namespace declarations must be properly managed and ordered
• Whitespace must be strictly normalized (e.g., no indentation, newlines, or extra spaces)
• No extraneous XML declarations unless required
• Escaped characters must conform to canonical forms (<, &, etc.)
• Support for both inclusive and exclusive canonicalization modes would be ideal

Proposed Options

1. Add a new option in XmlBuilder.generate/2, such as canonical: true
2. Provide a separate function (e.g., XmlBuilder.canonical_generate/1)
3. Expose hooks or options for customizing serialization (e.g., attribute sorting, namespace handling)

References

• W3C Recommendation: Canonical XML 1.0
• W3C Recommendation: Exclusive XML Canonicalization

Workarounds

Currently, developers must resort to shelling out to xmllint or xmlsec1 to achieve canonicalization, which introduces performance, deployment, and portability issues.

Why This Matters

Adding official C14N support would make XmlBuilder more robust and production-ready for a broader range of XML use cases, especially in security-sensitive and standards-compliant environments.

Thank you for considering this feature!

[joshnuss]

Hi @RodolfoSilva

Could this be achieved with a customer formatter?
Since this repo already has the concept of a Format modules that handles whitespace and indentation.

The Format module could be expanded to handle ordering for attributes and namespaces.

[RodolfoSilva]

@joshnuss Yes, I think it could work.
Here's how I'm handling it today:

defmodule XmlBuilder.C14N do
  def normalize(nil), do: nil

  def normalize({name, attrs, children}) when is_list(children) do
    {name, sort_attrs(attrs), Enum.map(children, &normalize/1)}
  end

  def normalize({name, attrs, {:cdata, text}}) when is_binary(text) do
    {name, sort_attrs(attrs), escape_text(text)}
  end

  def normalize({name, attrs, text}) when is_binary(text) do
    {name, sort_attrs(attrs), escape_text(text)}
  end

  def normalize({name, attrs, content}) do
    {name, sort_attrs(attrs), content}
  end

  defp sort_attrs(nil), do: nil

  defp sort_attrs(attrs) do
    attrs
    |> Enum.sort_by(fn {k, _} -> to_string(k) end)
    |> Enum.map(fn {k, v} -> {k, escape_string(v)} end)
  end

  defp escape_text(value) do
    value
    |> to_string()
    |> String.replace("&", "&")
    |> String.replace("<", "&lt;")
    |> String.replace(">", "&gt;")
  end

  defp escape_string(value) do
    value
    |> escape_text()
    |> String.replace("\"", "&quot;")
    |> String.replace("'", "&apos;")
    |> String.replace("\r", "&#xD;")
  end
end

Usage

...declarations
|> XmlBuilder.C14N.normalize()
|> XmlBuilder.generate()