DOMDocument->createTextNode不编码XML

时间:2022-10-20 18:31:13

I have XML that i need the user to be able to edit (inside a textarea) to his liking and then readd it to a DOMDocument Here is what i have so far.

我有XML,我需要用户能够编辑(在文本区域内)他喜欢的,然后把它读到DOMDocument。

$dom = new DOMDocument();
$dom->formatOutput = true;      //Formating the output
$ele = $dom->createElement("someele", "Hello");
$dom->appendChild( $ele );

$string = "<yowhatsup><noway>some text</noway></yowhatsup>";

$ele = $dom->createElement("otherxmlstuff", $string);
$dom->appendChild( $ele );

Now the output encodes the $string variable and that is not good for me as i want the user to be able to add xml as well as a string into my DOMDocument.

现在,输出对$string变量进行编码,这对我来说并不好,因为我希望用户能够将xml和字符串添加到我的DOMDocument中。

Could I do some pre-processing to turn text into a element as well, or am I barking up the wrong tree.

我是否也可以做一些预处理来将文本转换为元素,或者我是不是做错了。

2 个解决方案

#1


2  

You can use DOMDocumentFragment and its appendXML() method, e.g.

您可以使用DOMDocumentFragment及其appendXML()方法,例如。

<?php
$doc = new DOMDocument();
$doc->formatOutput = true;
$ele = $doc->createElement("someele", "Hello");
    $xmlstuff = $doc->createElement("otherxmlstuff");

        $fragment = $doc->createDocumentFragment();
        $fragment->appendXML("<foo>text</foo><bar>text2</bar>");
        $xmlstuff->appendChild($fragment);

    $ele->appendChild($xmlstuff);
$doc->appendChild( $ele );
echo $doc->saveXML();

prints

打印

<?xml version="1.0"?>
<someele>Hello<otherxmlstuff><foo>text</foo><bar>text2</bar></otherxmlstuff></someele>

#2


4  

You need to create a DOMDocumentFragment rather than an element. When you set an element's text – as you do with the createElement method – it is HTML encoded. This is correct behaviour. If you want to include arbitrary XML, use createDocumentFragment and appendXML:

您需要创建DOMDocumentFragment而不是创建一个元素。当您设置一个元素的文本——就像您使用createElement方法那样——它是HTML编码的。这是正确的行为。如果希望包含任意XML,请使用createDocumentFragment和appendXML:

<?php

$dom = new DOMDocument();
$dom->formatOutput = true;      //Formating the output
$ele = $dom->createElement("someele", "Hello");
$dom->appendChild( $ele );

$string = "<yowhatsup><noway>some text</noway></yowhatsup>";

$frag = $dom->createDocumentFragment();
$frag->appendXML($string);
$dom->appendChild( $frag );

But be very careful to sanitise the input that comes from your user. If you don't sanitise well, you will end up with an XSS vulnerability, allowing arbitrary content to be inserted.

但是要非常小心地清除来自用户的输入。如果不进行良好的清理,最终会出现XSS漏洞,允许插入任意内容。

#1


2  

You can use DOMDocumentFragment and its appendXML() method, e.g.

您可以使用DOMDocumentFragment及其appendXML()方法,例如。

<?php
$doc = new DOMDocument();
$doc->formatOutput = true;
$ele = $doc->createElement("someele", "Hello");
    $xmlstuff = $doc->createElement("otherxmlstuff");

        $fragment = $doc->createDocumentFragment();
        $fragment->appendXML("<foo>text</foo><bar>text2</bar>");
        $xmlstuff->appendChild($fragment);

    $ele->appendChild($xmlstuff);
$doc->appendChild( $ele );
echo $doc->saveXML();

prints

打印

<?xml version="1.0"?>
<someele>Hello<otherxmlstuff><foo>text</foo><bar>text2</bar></otherxmlstuff></someele>

#2


4  

You need to create a DOMDocumentFragment rather than an element. When you set an element's text – as you do with the createElement method – it is HTML encoded. This is correct behaviour. If you want to include arbitrary XML, use createDocumentFragment and appendXML:

您需要创建DOMDocumentFragment而不是创建一个元素。当您设置一个元素的文本——就像您使用createElement方法那样——它是HTML编码的。这是正确的行为。如果希望包含任意XML,请使用createDocumentFragment和appendXML:

<?php

$dom = new DOMDocument();
$dom->formatOutput = true;      //Formating the output
$ele = $dom->createElement("someele", "Hello");
$dom->appendChild( $ele );

$string = "<yowhatsup><noway>some text</noway></yowhatsup>";

$frag = $dom->createDocumentFragment();
$frag->appendXML($string);
$dom->appendChild( $frag );

But be very careful to sanitise the input that comes from your user. If you don't sanitise well, you will end up with an XSS vulnerability, allowing arbitrary content to be inserted.

但是要非常小心地清除来自用户的输入。如果不进行良好的清理,最终会出现XSS漏洞,允许插入任意内容。