[webkit-dev] XHR XML Escaping
Eric Seidel
eric at webkit.org
Thu Apr 10 22:28:18 PDT 2008
My apologies.
I misread your message. You are correct. Our behavior seems wrong to
me too. Please file a bug.
-eric
On Thu, Apr 10, 2008 at 10:20 PM, Keith Kowalczykowski
<keith at app2you.com> wrote:
> Hi Eric,
>
> Thanks for the quick response. Based upon the way I interpret the spec,
> it seems as though FF and IE are in agreement. Specifically, the spec states
> that send() should "Serialize data into a namespace well-formed XML document
> and encoded using the encoding given by data.xmlEncoding, if specified, or
> UTF-8 otherwise." Looking at the XML spec (
> http://www.w3.org/TR/2006/REC-xml-20060816/#sec-well-formed), a well formed
> document should exclude < and & from attribute and entity values. Therefore,
> it seems as though FF/IE are doing the correct thing in escaping these
> characters, where-as Safari is not. Maybe I'm interpreting something wrong,
> though?
>
> I have filed a bug #18421 about the issue. What is the general processes
> for looking at/prioritizing bugs within WebKit?
>
> Thanks,
> Keith
>
>
>
> > The FF/IE behavior looks to be in disagreement with the spec:
> >
> > http://www.w3.org/TR/XMLHttpRequest/#send
> >
> > So it seems like both the spec and our code should be changed.
> >
> > Please file a bug:
> > http://webkit.org/quality/reporting.html
> >
> > Bugs reported on the mailing list are unlikely to be fixed unless also
> > added to the bugs database.
> >
> > -eric
> >
> >
> > On Thu, Apr 10, 2008 at 7:37 PM, Keith Kowalczykowski <keith at app2you.com>
> > wrote:
> >> Hi Everyone,
> >>
> >> I'm having a little problem with Safari (3.1) and the escaping of XML
> >> when using XmlHttpRequest. The behavior that I'm seeing is that
> >> Safari/Webkit is not properly escaping & and < when sending an XML document
> >> to the server. For example, if I have the following XML document:
> >>
> >> <foo foo="a&b">a&b</foo>
> >>
> >> On Firefox/IE, the value sent to the server is:
> >>
> >> <foo foo"a&b">a&b</foo>
> >>
> >> However, on Safari, the value is:
> >>
> >> <foo foo="a&b">a&b</foo>
> >>
> >> I have included some proof-of-concept code at the end of this email. Please
> >> let me know if there is something obvious that I'm doing wrong, or if this
> >> is really a bug in Safari/Webkit. Thanks.
> >>
> >> -Keith
> >>
> >> Sample Code:
> >>
> >> This code simply creates an XML document that is the same as the example I
> >> gave above. It then creates an XHR object and sends it to the server. The
> >> server simply sends the received value back to the client, which is then
> >> displayed using an alert dialog. Under IE and FF, this code works fine.
> >> Under Safari, however, it does not.
> >>
> >> test.html
> >>
> >> <html>
> >> <head>
> >> </head>
> >>
> >> <body>
> >> </body>
> >> <script type="text/javascript">
> >> // Create a new document
> >> var dom = document.implementation.createDocument("","", null);
> >>
> >> // Create the root node
> >> var root = dom.appendChild(dom.createElement("foo"));
> >>
> >> // Add an attribute
> >> root.setAttribute("foo", "a&b");
> >>
> >> // Add a text node
> >> var txt = dom.createTextNode("a&b");
> >>
> >> // Append it
> >> root.appendChild(txt);
> >>
> >> // Create the XHR object
> >> var xhr = new XMLHttpRequest();
> >> xhr.open("POST", "test.php", true);
> >> xhr.onreadystatechange = function()
> >> {
> >> if (xhr.readyState == 4 && xhr.status == 200)
> >> {
> >> alert(xhr.responseText);
> >> }
> >> };
> >> xhr.send(dom);
> >>
> >>
> >>
> >> </script>
> >>
> >> </html>
> >>
> >> test.php
> >>
> >> <?php
> >> print @file_get_contents('php://input');
> >> ?>
> >>
> >>
> >> _______________________________________________
> >> webkit-dev mailing list
> >> webkit-dev at lists.webkit.org
> >> http://lists.webkit.org/mailman/listinfo/webkit-dev
> >>
>
>
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> http://lists.webkit.org/mailman/listinfo/webkit-dev
>
More information about the webkit-dev
mailing list