REXML escaping seems broken

T

Trejkaz

Part of the point of using a library to build up a DOM and output it,
is that all the messy escaping is supposed to be handled under the
covers.

But for this test case:

require 'test/unit'
require 'rexml/text'
include REXML

class TestRexmlEscapes < Test::Unit::TestCase
def test_escape_ampersand
assert_equal "&amp;amp;", Text.new("&amp;").to_s
end
end

Results:
1) Failure:
test_escape_ampersand(TestRexmlEscapes) [test_rexml_escapes.rb:7]:
<"&amp;amp;"> expected but was
<"&amp;">.

In other words, it seems to arbitrarily ignore the "&" which really
needs to be escaped. I didn't ask for :raw at all, and IMO it should
escape everything unless you tell it not to.

It seems like the only workaround for this is to manually escape all
strings correctly and then pass as raw into REXML. But if I'm going to
go to that much trouble, there's really no point in using the library
in the first place as it becomes just as easy to concatenate some
strings together.

Do people consider this to be a real bug?

TX
 
N

Nick Sieger

------=_Part_4734_31967466.1129820260849
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

It seems like the only workaround for this is to manually escape all
strings correctly and then pass as raw into REXML. But if I'm going to
go to that much trouble, there's really no point in using the library
in the first place as it becomes just as easy to concatenate some
strings together.

Do people consider this to be a real bug?
Click to expand...



Perhaps the docs for REXML::Text::new will illuminate the situation:

http://ruby-doc.org/stdlib/libdoc/rexml/rdoc/classes/REXML/Text.html#M00288=
6

You may also be interested in Sam Ruby's xchar.rb experiment:

http://www.intertwingly.net/blog/2005/09/28/XML-Cleansing
Cheers,
/Nick

------=_Part_4734_31967466.1129820260849--
 
T

Trejkaz

Yeah, I know that the API docs say that it doesn't escape known
entities, but I was fishing to see whether anybody recognised that this
is a real problem.

Basically, because of this, *every single time* I have to set in text,
I have to escape it myself and then pass it in as raw.

TX
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

bug in REXML escape codes 1
REXML raw all doesn't seem to work 0
XMLRPC (REXML) incorrectly handles UTF-8 data 6
Create xml with elementtree ET and xml escaping 4
REXML (1.8.6-p110) backwards compatibility problem with rcov 9
[newbie] REXML, each_element and XPath 3
Escaping single quotes in XPath query with REXML 2
REXML inheritance confusion (simple q?) 1

Members online

Total: 25 (members: 1, guests: 24)
Robots: 336

Forum statistics

Threads
473,769
Messages
2,569,582
Members
45,058
Latest member
QQXCharlot

Latest Threads

Top