[webkit-dev] XHR XML Escaping

Eric Seidel eric at webkit.org
Thu Apr 10 20:37:21 PDT 2008


The FF/IE behavior looks to be in disagreement with the spec:

http://www.w3.org/TR/XMLHttpRequest/#send

So it seems like both the spec and our code should be changed.

Please file a bug:
http://webkit.org/quality/reporting.html

Bugs reported on the mailing list are unlikely to be fixed unless also
added to the bugs database.

-eric


On Thu, Apr 10, 2008 at 7:37 PM, Keith Kowalczykowski <keith at app2you.com> wrote:
> Hi Everyone,
>
>     I'm having a little problem with Safari (3.1) and the escaping of XML
>  when using XmlHttpRequest. The behavior that I'm seeing is that
>  Safari/Webkit is not properly escaping & and < when sending an XML document
>  to the server. For example, if I have the following XML document:
>
>  <foo foo="a&b">a&b</foo>
>
>  On Firefox/IE, the value sent to the server is:
>
>  <foo foo"a&amp;b">a&amp;b</foo>
>
>  However, on Safari, the value is:
>
>  <foo foo="a&b">a&b</foo>
>
>  I have included some proof-of-concept code at the end of this email. Please
>  let me know if there is something obvious that I'm doing wrong, or if this
>  is really a bug in Safari/Webkit. Thanks.
>
>     -Keith
>
>  Sample Code:
>
>  This code simply creates an XML document that is the same as the example I
>  gave above. It then creates an XHR object and sends it to the server. The
>  server simply sends the received value back to the client, which is then
>  displayed using an alert dialog. Under IE and FF, this code works fine.
>  Under Safari, however, it does not.
>
>  test.html
>
>  <html>
>     <head>
>     </head>
>
>     <body>
>     </body>
>     <script type="text/javascript">
>         // Create a new document
>         var dom = document.implementation.createDocument("","", null);
>
>         // Create the root node
>         var root = dom.appendChild(dom.createElement("foo"));
>
>         // Add an attribute
>         root.setAttribute("foo", "a&b");
>
>         // Add a text node
>         var txt = dom.createTextNode("a&b");
>
>         // Append it
>         root.appendChild(txt);
>
>         // Create the XHR object
>         var xhr = new XMLHttpRequest();
>         xhr.open("POST", "test.php", true);
>         xhr.onreadystatechange = function()
>         {
>             if (xhr.readyState == 4 && xhr.status == 200)
>             {
>                 alert(xhr.responseText);
>             }
>         };
>         xhr.send(dom);
>
>
>
>     </script>
>
>  </html>
>
>  test.php
>
>  <?php
>     print @file_get_contents('php://input');
>  ?>
>
>
>  _______________________________________________
>  webkit-dev mailing list
>  webkit-dev at lists.webkit.org
>  http://lists.webkit.org/mailman/listinfo/webkit-dev
>


More information about the webkit-dev mailing list