php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #22589 Incorrect CDATA output by DomDocument::dump_mem()
Submitted: 2003-03-07 06:42 UTC Modified: 2003-03-11 02:43 UTC
From: ed at avi dot ru Assigned:
Status: Wont fix Package: DOM XML related
PHP Version: 4.3.0 OS: Windows 98
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: ed at avi dot ru
New email:
PHP Version: OS:

 

 [2003-03-07 06:42 UTC] ed at avi dot ru
When we put some XML markup in CDATA section of dom_xml's DomDocument, everything goes OK. But when that markup contains CDATA section ITSELF, the output is invalid due to the unescaped ']]>' sequence in CDATA section. Here's the code:

<?PHP

	$doc = domxml_new_doc ('1.0');
	$root = $doc->append_child ($doc->create_element ('root'));

	$cdata_1 = $root->append_child ($doc->create_element ('cdata-1'));
	$cdata_1->append_child ($doc->create_cdata_section ('Some generic text'));

	print ('<PRE>');

	print ("Test 1. Everything's ok.\n\n");
	print (htmlspecialchars ($doc->dump_mem (TRUE, 'UTF-8')));

	$cdata_1->unlink_node ();

	$cdata_2 = $root->append_child ($doc->create_element ('cdata-2'));
	$cdata_2->append_child ($doc->create_cdata_section ('<?xml version="1.0"?><root><![CDATA[Some XML with CDATA]]></root>'));

	print ("\n\nTest 2. The ]]&gt; symbol sequence in CDATA is not escaped.\n\n");
	print (htmlspecialchars ($doc->dump_mem (TRUE, 'UTF-8')));

	print ('</PRE>');

?>


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-03-11 02:36 UTC] chregu@php.net
There is no standard way to do that. you have to ensure by yourself, that you don't insert ]]> into CDATA sections. 

How would you escape it anyway? Entities are not resolved in CDATA Sections.

One solution would be to "htmlspecialchar()" your string and then append it as Textnode: 

	$cdata_2->append_child ($doc->create_text_node (htmlspecialchars('<?xml
version="1.0"?><root><![CDATA[Some XML with CDATA]]></root>')));

produces at least well-formed xml code

chregu
 [2003-03-11 02:43 UTC] chregu@php.net
The report wasn't really bogus, more appropriate is the "Wont fix" tag, because it's the php-script-developers problem to assure the inserted strings are correct IMHO.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Fri Jun 20 11:01:31 2025 UTC