|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31191 "unterminated entity reference" when using the value parameter to createElement
Submitted: 2004-12-20 06:46 UTC Modified: 2004-12-20 08:10 UTC
Avg. Score:4.1 ± 1.0
Reproduced:33 of 33 (100.0%)
Same Version:8 (24.2%)
Same OS:25 (75.8%)
From: php at owenpshaw dot net Assigned:
Status: Wont fix Package: DOM XML related
PHP Version: 5.0.3 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: php at owenpshaw dot net
New email:
PHP Version: OS:


 [2004-12-20 06:46 UTC] php at owenpshaw dot net
It looks like no escaping is done to the optional "value" parameter in the DomDocument::createElement() and DomDocument::createElementNS().  The online documentation doesn't specify what the correct behavior should be, and it's not part of the DOM standard, so it seems possible that this is a bug.

Reproduce code:
$document = new DomDocument();
$element = $document->createElement('foo','&');

Expected result:
I would expect the '&' (or any other character that should be escaped) to be escaped as if I had used DomDocument::createTextNode().

Actual result:
Warning: unterminated entity reference in [FILE] on line [LINE]


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2004-12-20 08:10 UTC]
We discussed that topic (internally) and we decided not to implement escaping here. If I remember correctly, one of the reason was for backwards compatibility, as we discovered this  after 5.0.0 was released.

Use $doc->createTextNode() if you want to have automatic escaping
 [2010-01-16 22:13 UTC]
Automatic comment from SVN on behalf of bjori
Log: Rephrase after reading bug#31191 (see bug#50742)
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Apr 16 12:01:29 2024 UTC