|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #22589 Incorrect CDATA output by DomDocument::dump_mem()
Submitted: 2003-03-07 06:42 UTC Modified: 2003-03-11 02:43 UTC
From: ed at avi dot ru Assigned:
Status: Wont fix Package: DOM XML related
PHP Version: 4.3.0 OS: Windows 98
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: ed at avi dot ru
New email:
PHP Version: OS:


 [2003-03-07 06:42 UTC] ed at avi dot ru
When we put some XML markup in CDATA section of dom_xml's DomDocument, everything goes OK. But when that markup contains CDATA section ITSELF, the output is invalid due to the unescaped ']]>' sequence in CDATA section. Here's the code:


	$doc = domxml_new_doc ('1.0');
	$root = $doc->append_child ($doc->create_element ('root'));

	$cdata_1 = $root->append_child ($doc->create_element ('cdata-1'));
	$cdata_1->append_child ($doc->create_cdata_section ('Some generic text'));

	print ('<PRE>');

	print ("Test 1. Everything's ok.\n\n");
	print (htmlspecialchars ($doc->dump_mem (TRUE, 'UTF-8')));

	$cdata_1->unlink_node ();

	$cdata_2 = $root->append_child ($doc->create_element ('cdata-2'));
	$cdata_2->append_child ($doc->create_cdata_section ('<?xml version="1.0"?><root><![CDATA[Some XML with CDATA]]></root>'));

	print ("\n\nTest 2. The ]]&gt; symbol sequence in CDATA is not escaped.\n\n");
	print (htmlspecialchars ($doc->dump_mem (TRUE, 'UTF-8')));

	print ('</PRE>');



Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-03-11 02:36 UTC]
There is no standard way to do that. you have to ensure by yourself, that you don't insert ]]> into CDATA sections. 

How would you escape it anyway? Entities are not resolved in CDATA Sections.

One solution would be to "htmlspecialchar()" your string and then append it as Textnode: 

	$cdata_2->append_child ($doc->create_text_node (htmlspecialchars('<?xml
version="1.0"?><root><![CDATA[Some XML with CDATA]]></root>')));

produces at least well-formed xml code

 [2003-03-11 02:43 UTC]
The report wasn't really bogus, more appropriate is the "Wont fix" tag, because it's the php-script-developers problem to assure the inserted strings are correct IMHO.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu May 30 11:01:31 2024 UTC