RESOLVED FIXED 18421
XMLHttpRequest does not properly encode & and < in outgoing messages
https://bugs.webkit.org/show_bug.cgi?id=18421
Keith Kowalczykowski
Reported 2008-04-10 22:02:58 PDT
This bug is evident on both the Mac and Windows versions of Safari 3.1. I have not tested previous versions, as I do not have access to them. The following is the contents of an email I sent to the dev list regarding the issue:

I'm having a little problem with Safari (3.1) and the escaping of XML when using XmlHttpRequest. The behavior that I'm seeing is that Safari/Webkit is not properly escaping & and < when sending an XML document to the server. For example, if I have the following XML document:

    <foo foo="a&b">a&b</foo>

On Firefox/IE, the value sent to the server is:

    <foo foo"a&amp;b">a&amp;b</foo>

However, on Safari, the value is:

    <foo foo="a&b">a&b</foo>

I have included some proof-of-concept code at the end of this email. Please let me know if there is something obvious that I'm doing wrong, or if this is really a bug in Safari/Webkit.

Thanks.
-Keith

Sample Code:

This code simply creates an XML document that is the same as the example I gave above. It then creates an XHR object and sends it to the server. The server simply sends the received value back to the client, which is then displayed using an alert dialog. Under IE and FF, this code works fine. Under Safari, however, it does not.

test.html

    <html>
    <head>
    </head>
    <body>
    </body>
    <script type="text/javascript">
    // Create a new document
    var dom = document.implementation.createDocument("","", null);

    // Create the root node
    var root = dom.appendChild(dom.createElement("foo"));

    // Add an attribute
    root.setAttribute("foo", "a&b");

    // Add a text node
    var txt = dom.createTextNode("a&b");

    // Append it
    root.appendChild(txt);

    // Create the XHR object
    var xhr = new XMLHttpRequest();
    xhr.open("POST", "test.php", true);
    xhr.onreadystatechange = function()
    {
        if (xhr.readyState == 4 && xhr.status == 200)
        {
            alert(xhr.responseText);
        }
    };
    xhr.send(dom);
    </script>
    </html>

test.php

    <?php
    print @file_get_contents('php://input');
    ?>
Attachments
proposed fix (14.96 KB, patch)
2008-05-19 10:26 PDT, Alexey Proskuryakov
darin: review+
Mark Rowe (bdash)
Comment 1 2008-04-10 22:27:29 PDT
Confirmed with 3.1 and TOT WebKit.
Mark Rowe (bdash)
Comment 2 2008-04-10 22:28:08 PDT
Mark Rowe (bdash)
Comment 3 2008-04-10 22:31:23 PDT
I uploaded the test case to <http://bdash.net.nz/files/bug-18421.html> for easy access.
Keith Kowalczykowski
Comment 4 2008-04-10 22:46:04 PDT
Here is some additional discussion that occurred on the dev list, for future reference:

Eric Seidel:

The FF/IE behavior looks to be in disagreement with the spec:
http://www.w3.org/TR/XMLHttpRequest/#send

So it seems like both the spec and our code should be changed.

Please file a bug:
http://webkit.org/quality/reporting.html

Bugs reported on the mailing list are unlikely to be fixed unless also added to the bugs database.

-eric

Me:

Hi Eric,

Thanks for the quick response. Based upon the way I interpret the spec, it seems as though FF and IE are in agreement. Specifically, the spec states that send() should "Serialize data into a namespace well-formed XML document and encoded using the encoding given by data.xmlEncoding, if specified, or UTF-8 otherwise." Looking at the XML spec (http://www.w3.org/TR/2006/REC-xml-20060816/#sec-well-formed), a well-formed document should exclude < and & from attribute and entity values. Therefore, it seems as though FF/IE are doing the correct thing in escaping these characters, whereas Safari is not. Maybe I'm interpreting something wrong, though?

I have filed a bug #18421 about the issue. What is the general process for looking at/prioritizing bugs within WebKit?

Thanks,
Keith

Eric Seidel:

My apologies. I misread your message. You are correct. Our behavior seems wrong to me too. Please file a bug.

-eric
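The escaping rule discussed in comment 4, as an added example that is not part of the bug report or of WebKit's fix: a minimal serializer that escapes & and < in text and attribute values, plus a receiver-side check for bare ampersands like the ones in the Safari output quoted in the report. The plain-object tree shape ({name, attrs, children}) and all function names are assumptions made for this illustration.

```javascript
// Added example. Tree nodes are a hypothetical plain-object model, not the DOM.

// Character data: "&" and "<" must never appear raw; ">" is escaped as well
// so the sequence "]]>" cannot occur in content.
function escapeText(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;' };
  return s.replace(/[&<>]/g, c => map[c]);
}

// Attribute values wrapped in double quotes: also escape the quote itself and
// whitespace that attribute-value normalization would otherwise rewrite.
function escapeAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '"': '&quot;',
                '\t': '&#9;', '\n': '&#10;', '\r': '&#13;' };
  return s.replace(/[&<"\t\n\r]/g, c => map[c]);
}

// A string is a text node; an object is an element.
function serialize(node) {
  if (typeof node === 'string') return escapeText(node);
  const attrs = Object.entries(node.attrs || {})
    .map(([k, v]) => ` ${k}="${escapeAttr(v)}"`).join('');
  const kids = (node.children || []).map(serialize).join('');
  return kids
    ? `<${node.name}${attrs}>${kids}</${node.name}>`
    : `<${node.name}${attrs}/>`;
}

// Receiver-side check: offsets of every "&" that does not start an entity or
// character reference. It does not verify that a named entity is declared.
function findBareAmpersands(xml) {
  const re = /&(?!(?:[A-Za-z_:][\w.:-]*|#[0-9]+|#x[0-9A-Fa-f]+);)/g;
  const offsets = [];
  let m;
  while ((m = re.exec(xml)) !== null) offsets.push(m.index);
  return offsets;
}

// Constructed sample: the document from the report.
const sampleTree = { name: 'foo', attrs: { foo: 'a&b' }, children: ['a&b'] };
const unescapedBody = '<foo foo="a&b">a&b</foo>'; // body quoted in the report

console.log(serialize(sampleTree));
console.log(findBareAmpersands(unescapedBody));
```

A server that accepts XML request bodies can run a check like findBareAmpersands before parsing to log which clients are sending documents that are not well-formed.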
Alexey Proskuryakov
Comment 5 2008-05-18 22:19:55 PDT
See also: bug 19122.
Alexey Proskuryakov
Comment 6 2008-05-19 10:17:26 PDT
*** Bug 19122 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 7 2008-05-19 10:26:08 PDT
Created attachment 21228
proposed fix
Darin Adler
Comment 8 2008-05-19 10:35:29 PDT
Comment on attachment 21228
proposed fix

r=me
Alexey Proskuryakov
Comment 9 2008-05-19 12:14:10 PDT
Committed revision 33577.