PHP :: Bug #54214 :: DOMDocument::createTextNode allows low ascii without exception

Bug #54214	DOMDocument::createTextNode allows low ascii without exception
Submitted:	2011-03-10 17:59 UTC	Modified:	2011-03-11 04:47 UTC
From:	trenjeska+php at gmail dot com	Assigned:
Status:	Not a bug	Package:	DOM XML related
PHP Version:	5.2.17	OS:	windows server
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	trenjeska+php at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2011-03-10 17:59 UTC] trenjeska+php at gmail dot com

Description:
------------
---
From manual page: http://nl3.php.net/manual/en/domdocument.createtextnode.php
---
createtextnode still returns the DOMText if there is low-ascii in the string.
It should return false. DOMDocument is there to be used to make sure you output well-formed xml. Now it silently creates invalid xml, even though the proper functions have been used.
MSXML _does_ except at this point.

Test script:
---------------
.createTextNode("Mensje Francina")

There is a low ascii (0x06) in front of the "F" in there for copy-paste pleasures

Expected result:
----------------
FALSE

Actual result:
--------------
DOMText node

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-03-11 04:47 UTC] aharvey@php.net

-Status: Open +Status: Bogus

[2011-03-11 04:47 UTC] aharvey@php.net

The XML specification defines the list of valid characters thusly:

Char ::= [#x1-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]

In theory, therefore, 0x06 actually falls into that range.

In practice, what happens is that restricted characters can't be serialised by libxml, so while you can create the DOMText object (correctly), you'll get a warning on output:

Warning: DOMDocument::saveXML(): xmlEscapeEntities : char out of range in /tmp/test.php on line 9

This seems reasonable to me -- you still get a warning, just at a different point.

Closing.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Oct 29 22:00:02 2025 UTC