[webkit-dev] XHR XML Escaping
Keith Kowalczykowski
keith at app2you.com
Thu Apr 10 19:37:59 PDT 2008
Hi Everyone,
I'm having a little problem with Safari (3.1) and the escaping of XML
when using XmlHttpRequest. The behavior that I'm seeing is that
Safari/Webkit is not properly escaping & and < when sending an XML document
to the server. For example, if I have the following XML document:
<foo foo="a&b">a&b</foo>
On Firefox/IE, the value sent to the server is:
<foo foo"a&b">a&b</foo>
However, on Safari, the value is:
<foo foo="a&b">a&b</foo>
I have included some proof-of-concept code at the end of this email. Please
let me know if there is something obvious that I'm doing wrong, or if this
is really a bug in Safari/Webkit. Thanks.
-Keith
Sample Code:
This code simply creates an XML document that is the same as the example I
gave above. It then creates an XHR object and sends it to the server. The
server simply sends the received value back to the client, which is then
displayed using an alert dialog. Under IE and FF, this code works fine.
Under Safari, however, it does not.
test.html
<html>
<head>
</head>
<body>
</body>
<script type="text/javascript">
// Create a new document
var dom = document.implementation.createDocument("","", null);
// Create the root node
var root = dom.appendChild(dom.createElement("foo"));
// Add an attribute
root.setAttribute("foo", "a&b");
// Add a text node
var txt = dom.createTextNode("a&b");
// Append it
root.appendChild(txt);
// Create the XHR object
var xhr = new XMLHttpRequest();
xhr.open("POST", "test.php", true);
xhr.onreadystatechange = function()
{
if (xhr.readyState == 4 && xhr.status == 200)
{
alert(xhr.responseText);
}
};
xhr.send(dom);
</script>
</html>
test.php
<?php
print @file_get_contents('php://input');
?>
More information about the webkit-dev
mailing list