[webkit-dev] XHR XML Escaping
Keith Kowalczykowski
keith at app2you.com
Thu Apr 10 22:20:17 PDT 2008
Hi Eric,
Thanks for the quick response. Based upon the way I interpret the spec,
it seems as though FF and IE are in agreement. Specifically, the spec states
that send() should "Serialize data into a namespace well-formed XML document
and encoded using the encoding given by data.xmlEncoding, if specified, or
UTF-8 otherwise." Looking at the XML spec (
http://www.w3.org/TR/2006/REC-xml-20060816/#sec-well-formed), a well formed
document should exclude < and & from attribute and entity values. Therefore,
it seems as though FF/IE are doing the correct thing in escaping these
characters, where-as Safari is not. Maybe I'm interpreting something wrong,
though?
I have filed a bug #18421 about the issue. What is the general processes
for looking at/prioritizing bugs within WebKit?
Thanks,
Keith
> The FF/IE behavior looks to be in disagreement with the spec:
>
> http://www.w3.org/TR/XMLHttpRequest/#send
>
> So it seems like both the spec and our code should be changed.
>
> Please file a bug:
> http://webkit.org/quality/reporting.html
>
> Bugs reported on the mailing list are unlikely to be fixed unless also
> added to the bugs database.
>
> -eric
>
>
> On Thu, Apr 10, 2008 at 7:37 PM, Keith Kowalczykowski <keith at app2you.com>
> wrote:
>> Hi Everyone,
>>
>> I'm having a little problem with Safari (3.1) and the escaping of XML
>> when using XmlHttpRequest. The behavior that I'm seeing is that
>> Safari/Webkit is not properly escaping & and < when sending an XML document
>> to the server. For example, if I have the following XML document:
>>
>> <foo foo="a&b">a&b</foo>
>>
>> On Firefox/IE, the value sent to the server is:
>>
>> <foo foo"a&b">a&b</foo>
>>
>> However, on Safari, the value is:
>>
>> <foo foo="a&b">a&b</foo>
>>
>> I have included some proof-of-concept code at the end of this email. Please
>> let me know if there is something obvious that I'm doing wrong, or if this
>> is really a bug in Safari/Webkit. Thanks.
>>
>> -Keith
>>
>> Sample Code:
>>
>> This code simply creates an XML document that is the same as the example I
>> gave above. It then creates an XHR object and sends it to the server. The
>> server simply sends the received value back to the client, which is then
>> displayed using an alert dialog. Under IE and FF, this code works fine.
>> Under Safari, however, it does not.
>>
>> test.html
>>
>> <html>
>> <head>
>> </head>
>>
>> <body>
>> </body>
>> <script type="text/javascript">
>> // Create a new document
>> var dom = document.implementation.createDocument("","", null);
>>
>> // Create the root node
>> var root = dom.appendChild(dom.createElement("foo"));
>>
>> // Add an attribute
>> root.setAttribute("foo", "a&b");
>>
>> // Add a text node
>> var txt = dom.createTextNode("a&b");
>>
>> // Append it
>> root.appendChild(txt);
>>
>> // Create the XHR object
>> var xhr = new XMLHttpRequest();
>> xhr.open("POST", "test.php", true);
>> xhr.onreadystatechange = function()
>> {
>> if (xhr.readyState == 4 && xhr.status == 200)
>> {
>> alert(xhr.responseText);
>> }
>> };
>> xhr.send(dom);
>>
>>
>>
>> </script>
>>
>> </html>
>>
>> test.php
>>
>> <?php
>> print @file_get_contents('php://input');
>> ?>
>>
>>
>> _______________________________________________
>> webkit-dev mailing list
>> webkit-dev at lists.webkit.org
>> http://lists.webkit.org/mailman/listinfo/webkit-dev
>>
More information about the webkit-dev
mailing list