What do these functions do in the expression language? I cannot find them in the user manual.
Sorry about that omission.
escapeSQL escapes single quotes with two single quotes and escapes backslashes with two backslashes. Pretty basic stuff to avoid problems due to including strings in dynamically generated queries.
escapeXML similarly escapes content so that it can be contained within an XML element, so it replaces XML special characters with their XML entity equivalent:
[ul][li]& becomes &[/li]
[li]< becomes <[/li]
[li]> becomes >[/li]
[li]CR becomes
[/li]
[li]" becomes "[/li]
[li]’ becomes '[/li][/ul]