php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44619 XMLWriter doesn't escape CDATA
Submitted: 2008-04-02 20:12 UTC Modified: 2008-04-02 21:21 UTC
From: evert at rooftopsolutions dot nl Assigned:
Status: Not a bug Package: XML Writer
PHP Version: 5.2.5 OS: Debian
Private report: No CVE-ID: None
 [2008-04-02 20:12 UTC] evert at rooftopsolutions dot nl
Description:
------------
XMLWriter does not escape ]]> in the writeCDATA method

Reproduce code:
---------------
<?php

    $xml = new XMLWriter();
    $xml->openMemory();
    $xml->startDocument();
    $xml->startElement('test');
    $xml->writeCDATA('<![CDATA[blabla]]>');
    $xml->endElement();
    
    echo $xml->outputMemory();


?>


Expected result:
----------------
<?xml version="1.0"?>
<test><![CDATA[<![CDATA[blabla]]]]><![CDATA[>]]></test>

Actual result:
--------------
<?xml version="1.0"?>
<test><![CDATA[<![CDATA[blabla]]>]]></test>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-04-02 21:05 UTC] rrichards@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

no escaping is supposed to be performed. It is up to you to make sure 
that the data is acceptable there.
 [2008-04-02 21:09 UTC] evert at rooftopsolutions dot nl
Should this be a documentation bug then? Nested CDATA tags are never allowed..

See also wikipedia, which actually recommends a similar approach:

http://en.wikipedia.org/wiki/Cdata
 [2008-04-02 21:21 UTC] rrichards@php.net
There are a lot of things that will break XML if put into CDATA 
sections. In most cases, data should be encoded and CDATA sections not 
used.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 23:01:28 2024 UTC