[Webkit-unassigned] [Bug 18421] New: XMLHttpRequest does not properly encode & and < in outgoing messages

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 10 22:02:58 PDT 2008


           Summary: XMLHttpRequest does not properly encode & and < in
                    outgoing messages
           Product: WebKit
           Version: 525.x (Safari 3.1)
          Platform: All
        OS/Version: Mac OS X 10.5
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: keith at app2you.com

This bug is evident on both mac and windows version of Safari 3.1. I have not
tested previous versions, as I do not have access to them. The following is the
contents of an email I sent to the dev list regarding the issue:

I'm having a little problem with Safari (3.1) and the escaping of XML
when using XmlHttpRequest. The behavior that I'm seeing is that
Safari/Webkit is not properly escaping & and < when sending an XML document
to the server. For example, if I have the following XML document:

<foo foo="a&b">a&b</foo>

On Firefox/IE, the value sent to the server is:

<foo foo"a&b">a&b</foo>

However, on Safari, the value is:

<foo foo="a&b">a&b</foo>

I have included some proof-of-concept code at the end of this email. Please
let me know if there is something obvious that I'm doing wrong, or if this
is really a bug in Safari/Webkit. Thanks.


Sample Code:

This code simply creates an XML document that is the same as the example I
gave above. It then creates an XHR object and sends it to the server. The
server simply sends the received value back to the client, which is then
displayed using an alert dialog. Under IE and FF, this code works fine.
Under Safari, however, it does not.



    <script type="text/javascript">
        // Create a new document
        var dom = document.implementation.createDocument("","", null);

        // Create the root node
        var root = dom.appendChild(dom.createElement("foo"));

        // Add an attribute
        root.setAttribute("foo", "a&b");

        // Add a text node
        var txt = dom.createTextNode("a&b");

        // Append it

        // Create the XHR object
        var xhr = new XMLHttpRequest();
        xhr.open("POST", "test.php", true);
        xhr.onreadystatechange = function()
            if (xhr.readyState == 4 && xhr.status == 200)




    print @file_get_contents('php://input');

Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list