|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2004-12-20 08:10 UTC] chregu@php.net
[2010-01-16 22:13 UTC] svn@php.net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat Dec 21 18:01:29 2024 UTC |
Description: ------------ It looks like no escaping is done to the optional "value" parameter in the DomDocument::createElement() and DomDocument::createElementNS(). The online documentation doesn't specify what the correct behavior should be, and it's not part of the DOM standard, so it seems possible that this is a bug. Reproduce code: --------------- $document = new DomDocument(); $element = $document->createElement('foo','&'); Expected result: ---------------- I would expect the '&' (or any other character that should be escaped) to be escaped as if I had used DomDocument::createTextNode(). Actual result: -------------- Warning: unterminated entity reference in [FILE] on line [LINE]