php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #22589 Incorrect CDATA output by DomDocument::dump_mem()
Submitted: 2003-03-07 06:42 UTC Modified: 2003-03-11 02:43 UTC
From: ed at avi dot ru Assigned:
Status: Wont fix Package: DOM XML related
PHP Version: 4.3.0 OS: Windows 98
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2003-03-07 06:42 UTC] ed at avi dot ru
When we put some XML markup in CDATA section of dom_xml's DomDocument, everything goes OK. But when that markup contains CDATA section ITSELF, the output is invalid due to the unescaped ']]>' sequence in CDATA section. Here's the code:

<?PHP

	$doc = domxml_new_doc ('1.0');
	$root = $doc->append_child ($doc->create_element ('root'));

	$cdata_1 = $root->append_child ($doc->create_element ('cdata-1'));
	$cdata_1->append_child ($doc->create_cdata_section ('Some generic text'));

	print ('<PRE>');

	print ("Test 1. Everything's ok.\n\n");
	print (htmlspecialchars ($doc->dump_mem (TRUE, 'UTF-8')));

	$cdata_1->unlink_node ();

	$cdata_2 = $root->append_child ($doc->create_element ('cdata-2'));
	$cdata_2->append_child ($doc->create_cdata_section ('<?xml version="1.0"?><root><![CDATA[Some XML with CDATA]]></root>'));

	print ("\n\nTest 2. The ]]&gt; symbol sequence in CDATA is not escaped.\n\n");
	print (htmlspecialchars ($doc->dump_mem (TRUE, 'UTF-8')));

	print ('</PRE>');

?>


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-03-11 02:36 UTC] chregu@php.net
There is no standard way to do that. you have to ensure by yourself, that you don't insert ]]> into CDATA sections. 

How would you escape it anyway? Entities are not resolved in CDATA Sections.

One solution would be to "htmlspecialchar()" your string and then append it as Textnode: 

	$cdata_2->append_child ($doc->create_text_node (htmlspecialchars('<?xml
version="1.0"?><root><![CDATA[Some XML with CDATA]]></root>')));

produces at least well-formed xml code

chregu
 [2003-03-11 02:43 UTC] chregu@php.net
The report wasn't really bogus, more appropriate is the "Wont fix" tag, because it's the php-script-developers problem to assure the inserted strings are correct IMHO.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu Apr 25 12:01:25 2019 UTC