[webkit-dev] XHR XML Escaping

Keith Kowalczykowski keith at app2you.com
Thu Apr 10 19:37:59 PDT 2008

Hi Everyone,

    I'm having a little problem with Safari (3.1) and the escaping of XML
when using XmlHttpRequest. The behavior that I'm seeing is that
Safari/Webkit is not properly escaping & and < when sending an XML document
to the server. For example, if I have the following XML document:

<foo foo="a&b">a&b</foo>

On Firefox/IE, the value sent to the server is:

<foo foo"a&amp;b">a&amp;b</foo>

However, on Safari, the value is:

<foo foo="a&b">a&b</foo>

I have included some proof-of-concept code at the end of this email. Please
let me know if there is something obvious that I'm doing wrong, or if this
is really a bug in Safari/Webkit. Thanks.


Sample Code:

This code simply creates an XML document that is the same as the example I
gave above. It then creates an XHR object and sends it to the server. The
server simply sends the received value back to the client, which is then
displayed using an alert dialog. Under IE and FF, this code works fine.
Under Safari, however, it does not.



    <script type="text/javascript">
        // Create a new document
        var dom = document.implementation.createDocument("","", null);
        // Create the root node
        var root = dom.appendChild(dom.createElement("foo"));
        // Add an attribute
        root.setAttribute("foo", "a&b");

        // Add a text node
        var txt = dom.createTextNode("a&b");

        // Append it
        // Create the XHR object
        var xhr = new XMLHttpRequest();
        xhr.open("POST", "test.php", true);
        xhr.onreadystatechange = function()
            if (xhr.readyState == 4 && xhr.status == 200)




    print @file_get_contents('php://input');

More information about the webkit-dev mailing list