#44648 [Opn]: All-or-nothing for production checks in DOM interface

Sat, 05 Apr 2008 15:54:14 -0700 

 ID:               44648
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
 Status:           Open
 Bug Type:         DOM XML related
 Operating System: Windows Vista
 PHP Version:      5.2.5
-Assigned To:      
+Assigned To:      rrichards
 New Comment:

assign to self.

The strictness is dependent upon the DOM specs and setAttribute should

be throwing an exception in that case. While I am going to go through 
and check other methods, let me know if you come across any others that

are not validating names correctly.




Previous Comments:
------------------------------------------------------------------------

[2008-04-05 21:55:06] [EMAIL PROTECTED]

Description:
------------
libxml2 is fairly lenient when it comes to what it allows to go into
its nodes; you can set attributes and tags with illegal characters in
them and it won't complain. The burden is on the userland code to
perform an appropriate check with the xmlValidate*() functions.

PHP's DOM implementation is extremely spotty when it comes to these
checks, which allows for some broken XML to easily be generated. For
example,

$d = new DOMDocument();
$d->appendChild($n = $d->createElement('a'));
$n->setAttribute('"@', 'foo');
echo $d->saveXML();

outputs:

<?xml version="1.0"?>
<a "@="foo"/>

Which is clearly incorrect. However, if I attempt to

$d->createElement('a@');

DOM complains, because xmlValidateName was called on the element name.

Now, I actually don't mind the lack of checking; the DOM tree is useful
for things like HTML, where the rules are slightly different from XMLs;
an HTML tree can contain a "a@" node, although it would not be valid
HTML. (You can try it out for yourself on Firefox by putting that in a
document and then inspecting the DOM).

However, I want consistency, and I also want the ability to switch on
strict checking when I so desire (especially when I'm producing XML). So
I want all-or-nothing production checks in PHP DOM, adding another
property in DOMDocument (or maybe even a global libxml configuration
option) that specifies whether or not strict production checking should
be done.



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=44648&edit=1

Reply via email to