From: Robert Kaiser Date: Sun, 25 Sep 2016 16:48:58 +0000 (+0200) Subject: adding a value in createElement doesn't care for escaping but createTextNode does... X-Git-Url: https://git-public.kairo.at/?a=commitdiff_plain;h=6e698a41c5017150623531a9f2d6ec3baceda9c2;p=php-utility-classes.git adding a value in createElement doesn't care for escaping but createTextNode does, so actually use appendText in appendElement --- diff --git a/include/cbsm/util/document.php-class b/include/cbsm/util/document.php-class index fa269ca..6a36dfc 100755 --- a/include/cbsm/util/document.php-class +++ b/include/cbsm/util/document.php-class @@ -187,7 +187,10 @@ class ExtendedDocument extends DOMDocument { } function appendElement($name, $value = '') { - return $this->appendChild($this->createElement($name, $value)); + // Adding the $value in createElement does NOT escape it, so use appendText to support that. + $aelem = $this->appendChild($this->createElement($name)); + $aelem->appendText($value); + return $aelem; } function appendElementXML($name, $xmldata) { $aelem = $this->appendChild($this->createElement($name)); @@ -270,7 +273,8 @@ class ExtendedDocument extends DOMDocument { } function createElementLink($target, $value = '') { - $link = $this->createElement('a', $value); + $link = $this->createElement('a'); + $link->appendText($value); $link->setAttribute('href', $target); // XXX: take care of & etc. in links return $link; } @@ -499,7 +503,10 @@ class ExtendedElement extends DOMElement { // returns the new child function appendElement($name, $value = '') { - return $this->appendChild($this->ownerDocument->createElement($name, $value)); + // Adding the $value in createElement does NOT escape it, so use appendText to support that. + $aelem = $this->appendChild($this->ownerDocument->createElement($name)); + $aelem->appendText($value); + return $aelem; } function appendElementXML($name, $xmldata) { $aelem = $this->appendChild($this->ownerDocument->createElement($name)); @@ -663,7 +670,10 @@ class ExtendedDocumentFragment extends DOMDocumentFragment { // returns the new child function appendElement($name, $value = '') { - return $this->appendChild($this->ownerDocument->createElement($name, $value)); + // Adding the $value in createElement does NOT escape it, so use appendText to support that. + $aelem = $this->appendChild($this->ownerDocument->createElement($name)); + $aelem->appendText($value); + return $aelem; } function appendElementXML($name, $xmldata) { $aelem = $this->appendChild($this->ownerDocument->createElement($name));