Re: problems with charset encoding

Good point: attributes have not been escaped.

The method is different than htmlspecialchars because it only translates XML 
entities.  There are many more HTML entities than XML.  To translate HTML 
entities that are not also XML entities yields invalid XML.

Scott Nichol

Do not send e-mail directly to this e-mail address,
because it is filtered to accept only mail from
specific mail lists.
----- Original Message ----- 
From: "Gaetano Giunta" <giunta.gaetano@xxxxxxxxxxxxxxxxxxxxxx>
To: <nusoap-general@xxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, April 15, 2005 11:17 AM
Subject: RE: [Nusoap-general] problems with charset encoding


> Nice method, looks a bit a dupe of php native htmlspecialchars...
> 
> I took a deep hard look at the code, and I am quite convinced that attribute 
> values are never html-escaped...
> The only line I could find where they are serialized is 298 in nusoap.php 
> (ver. 0.6.9).
> Just change it to:
>   $atts .= ' $k="'.expandEntities($v).'"';
> and all should be ok.
> 
> bye
> Gaetano
> 
> > -----Original Message-----
> > From: nusoap-general-admin@xxxxxxxxxxxxxxxxxxxxx
> > [mailto:nusoap-general-admin@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of Scott
> > Nichol
> > Sent: Wednesday, April 13, 2005 10:13 PM
> > To: nusoap-general@xxxxxxxxxxxxxxxxxxxxx
> > Subject: Re: [Nusoap-general] problems with charset encoding
> > 
> > 
> > It's just you ;-).  Perhaps you have found a code path that 
> > does not handle this properly.  The expandEntities method in 
> > nusoap_base does the actual work.  It is called from code in 
> > several places.  You may have found that it should be called 
> > another place.  If you cannot determine where, posting your 
> > debug output to the list may allow someone else to find it.
> > 
> > Scott Nichol
> > 
> > Do not send e-mail directly to this e-mail address,
> > because it is filtered to accept only mail from
> > specific mail lists.
> > ----- Original Message ----- 
> > From: "Gaetano Giunta" <giunta.gaetano@xxxxxxxxxxxxxxxxxxxxxx>
> > To: <nusoap-general@xxxxxxxxxxxxxxxxxxxxx>
> > Sent: Wednesday, April 13, 2005 9:26 AM
> > Subject: [Nusoap-general] problems with charset encoding
> > 
> > 
> > > Is it just me, or are element attributes not parsed for 
> > presence of < and & chars when serialized?
> > > 
> > Hj²zyNLvyvzjv?¢?v!¡¶¢jzS½?¦¹¶Êz¢?J¶vz¶ý¢riå¡÷
r²?­jz²²?­S²q
> > ®z¶þ¶º~zþ¶S?zj?
> > 
> > 
> > -------------------------------------------------------
> > SF email is sponsored by - The IT Product Guide
> > Read honest & candid reviews on hundreds of IT Products from 
> > real users.
> > Discover which products truly live up to the hype. Start reading now.
> > http://ads.osdn.com/?ad_ide95&alloc_id396&op=ick
> > _______________________________________________
> > Nusoap-general mailing list
> > Nusoap-general@xxxxxxxxxxxxxxxxxxxxx
> > https://lists.sourceforge.net/lists/listinfo/nusoap-generalHWj)²ÊzÊyÖNLúvçèyvzËjwv·?ì¢x?ÚvÊ!3¡Û¶Ç¢jj[z»Sǽê?'¦º¹Ë¶»ÊXzê¢Ø?*JÖ¶·v)zO¶Úý§¢Çr?iخ婡È^÷ª
ÉrC²??é­©j)z
> >  ²Ó²??é­©S˲þX¶Ëº·~SzwþX¶ÏSË?úzëj~?ê


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click