Hi Daniel, OK, I've updated the function comment of xmlNodeSetContent() with a note similar to xmlNewDocNode(), which works on the same level AFAICS, something along
* NOTE: @content is supposed to be a piece of XML CDATA, so it allow entities * references, but XML special chars need to be escaped first by using * xmlEncodeEntitiesReentrant() resp. xmlEncodeSpecialChars(). Additoinaly, xmlNodeAddContent() has a note on the different behaviour WRT xmlNodeSetContent() and an explicit hint *not* to call xmlEncodeEntitiesReentrant(). I would've sent the patch, but while going through the source of these calls, I noticed another, maybe more serious issue. The note above (which appears in the docs for several API calls, e.g. xmlNewDocNode() and xmlNewChild()) is not correct IMHO, these calls provide no entity support, at least not for arbitrary input. As correctly documented, you've to call xmlEncodeEntitiesReentrant(), resp. xmlEncodeSpecialChars(), since special XML characters has to be replaced on that level. But a call to these function will also replace the ampersand of a possible entity reference in the content buffer. I've tested it, e.g. calling xmlNodeSetContent(node, BAD_CAST "&myEnt;") with a declared entity "myEnt" will create an XML_ENTITY_REF_NODE child node with name "myEnt" and the declared content, I'd say that's what's meant with entity support. But for arbitrary content, we've to call xmlEncodeEntitiesReentrant() first, and calling xmlNodeSetContent(node, xmlEncodeEntitiesReentrant(BAD_CAST "&myEnt;")) will result in an XML_TEXT_NODE child node with content "&myEnt;", this will be serialized to "&myEnt;" if we dump the node to disk! I first thought that I must be wrong, cause this would be quite a concern, but I've tested it and get the above mentioned behaviour. Any thoughts? Ciao, Markus > -----Ursprüngliche Nachricht----- > Von: Daniel Veillard [mailto:[EMAIL PROTECTED] > Gesendet: Mittwoch, 25. Oktober 2006 14:04 > An: Keim, Markus > Cc: [email protected] > Betreff: Re: [xml] Behaviour of xmlNodeAddContent() vs. > xmlNodeSetContent() > > > On Wed, Oct 25, 2006 at 02:51:32PM +0200, Keim, Markus wrote: > > Hi Daniel, > > > > well, comparing the documentation of both calls > > (I've actually done so before asking) doesn't make > > that different behaviour *that* obvious. > > Agreed, xmlNodeAddContent is lower level, working at the text node > string level while xmlNodeSetContent is more at the > serialization level. > A lot of this is just history, not always very rational, and nearly > impossible to change. Though if you want to submit a patch to make > the function comments more explicit, sure ! > > > However, a statement of you that both calls behave as intended > > is abolutely adequate (and appreciated) for my issue, I'd have > > to adjust the application, then. > > > > So, if I got this right, that would mean to > > - mandatory pass user input through xmlEncodeEntitiesReentrant() > > (resp. xmlEncodeSpecialChars()) before calling > > xmlNodeSetContent() > > > > - mandatory NOT do so before calling xmlNodeAddContent() > > ? > > Yes that's my understanding :-) > > Daniel > > -- > Red Hat Virtualization group http://redhat.com/virtualization/ > Daniel Veillard | virtualization library http://libvirt.org/ > [EMAIL PROTECTED] | libxml GNOME XML XSLT toolkit > http://xmlsoft.org/ > http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/ > _______________________________________________ xml mailing list, project page http://xmlsoft.org/ [email protected] http://mail.gnome.org/mailman/listinfo/xml
