[webkit-dev] XHR XML Escaping

Keith Kowalczykowski keith at app2you.com
Thu Apr 10 22:20:17 PDT 2008 

Hi Eric,

    Thanks for the quick response. Based upon the way I interpret the spec,
it seems as though FF and IE are in agreement. Specifically, the spec states
that send() should "Serialize data into a namespace well-formed XML document
and encoded using the encoding given by data.xmlEncoding, if specified, or
UTF-8 otherwise." Looking at the XML spec (
http://www.w3.org/TR/2006/REC-xml-20060816/#sec-well-formed), a well formed
document should exclude < and & from attribute and entity values. Therefore,
it seems as though FF/IE are doing the correct thing in escaping these
characters, where-as Safari is not. Maybe I'm interpreting something wrong,
though?

    I have filed a bug #18421 about the issue. What is the general processes
for looking at/prioritizing bugs within WebKit?

    Thanks,
        Keith

> The FF/IE behavior looks to be in disagreement with the spec:
> 
> http://www.w3.org/TR/XMLHttpRequest/#send
> 
> So it seems like both the spec and our code should be changed.
> 
> Please file a bug:
> http://webkit.org/quality/reporting.html
> 
> Bugs reported on the mailing list are unlikely to be fixed unless also
> added to the bugs database.
> 
> -eric
> 
> 
> On Thu, Apr 10, 2008 at 7:37 PM, Keith Kowalczykowski <keith at app2you.com>
> wrote:
>> Hi Everyone,
>> 
>>     I'm having a little problem with Safari (3.1) and the escaping of XML
>>  when using XmlHttpRequest. The behavior that I'm seeing is that
>>  Safari/Webkit is not properly escaping & and < when sending an XML document
>>  to the server. For example, if I have the following XML document:
>> 
>>  <foo foo="a&b">a&b</foo>
>> 
>>  On Firefox/IE, the value sent to the server is:
>> 
>>  <foo foo"a&amp;b">a&amp;b</foo>
>> 
>>  However, on Safari, the value is:
>> 
>>  <foo foo="a&b">a&b</foo>
>> 
>>  I have included some proof-of-concept code at the end of this email. Please
>>  let me know if there is something obvious that I'm doing wrong, or if this
>>  is really a bug in Safari/Webkit. Thanks.
>> 
>>     -Keith
>> 
>>  Sample Code:
>> 
>>  This code simply creates an XML document that is the same as the example I
>>  gave above. It then creates an XHR object and sends it to the server. The
>>  server simply sends the received value back to the client, which is then
>>  displayed using an alert dialog. Under IE and FF, this code works fine.
>>  Under Safari, however, it does not.
>> 
>>  test.html
>> 
>>  <html>
>>     <head>
>>     </head>
>> 
>>     <body>
>>     </body>
>>     <script type="text/javascript">
>>         // Create a new document
>>         var dom = document.implementation.createDocument("","", null);
>> 
>>         // Create the root node
>>         var root = dom.appendChild(dom.createElement("foo"));
>> 
>>         // Add an attribute
>>         root.setAttribute("foo", "a&b");
>> 
>>         // Add a text node
>>         var txt = dom.createTextNode("a&b");
>> 
>>         // Append it
>>         root.appendChild(txt);
>> 
>>         // Create the XHR object
>>         var xhr = new XMLHttpRequest();
>>         xhr.open("POST", "test.php", true);
>>         xhr.onreadystatechange = function()
>>         {
>>             if (xhr.readyState == 4 && xhr.status == 200)
>>             {
>>                 alert(xhr.responseText);
>>             }
>>         };
>>         xhr.send(dom);
>> 
>> 
>> 
>>     </script>
>> 
>>  </html>
>> 
>>  test.php
>> 
>>  <?php
>>     print @file_get_contents('php://input');
>>  ?>
>> 
>> 
>>  _______________________________________________
>>  webkit-dev mailing list
>>  webkit-dev at lists.webkit.org
>>  http://lists.webkit.org/mailman/listinfo/webkit-dev
>>

More information about the webkit-dev mailing list