The XML Builder class seems to escape entities (turning & into & for example) inconsistently... it''s not escaping them in attributes, for example. See the following irb example: irb(main):001:0> require ''rubygems'' irb(main):002:0> require_gem ''builder'' irb(main):003:0> xm = Builder::XmlMarkup.new(:target => STDOUT) irb(main):004:0> xm.person {|b| b.name("Ray"); b.phone("503-5959") } <person><name>Ray</name><phone>503-5959</phone></person>=> #<IO:0x2c8e0> irb(main):005:0> xm.person {|b| b.name("Ray & co"); b.phone ("503-5959") } <person><name>Ray & co</name><phone>503-5959</phone></person>=> #<IO:0x2c8e0> irb(main):006:0> xm.person {|b| b.name(:name => "Ray & Co") } <person><name name="Ray & Co"/></person>=> #<IO:0x2c8e0> So it''s turning & into & as it should in the first example, but not in the second, when it''s used as the attribute name="xxx" rather than <name>xxx</name>. Is this the correct behavior (meaning I need to make a workaround myself) or is there some way to fix this to escape all occurrences of these entities? The problem is that it creates invalid XML and my parser''s not parsing it. Thanks, Raymond
Raymond Brigleb
2005-Aug-23 18:52 UTC
Re: XML Builder not escaping entities in attributes?
On Aug 23, 2005, at 9:53 AM, Raymond Brigleb wrote:> The XML Builder class seems to escape entities (turning & into > & for example) inconsistently... it''s not escaping them in > attributes, for example.Well never mind, I got around the problem by h() escaping the variables in question in my .rxml template. So it''s certainly not a big deal in a Rails app. Just a simple matter of thinking it through.
On Tuesday 23 August 2005 12:53 pm, Raymond Brigleb wrote:> So it''s turning & into & as it should in the first example, but > not in the second, when it''s used as the attribute name="xxx" rather > than <name>xxx</name>. > > Is this the correct behavior (meaning I need to make a workaround > myself) or is there some way to fix this to escape all occurrences of > these entities?The behavior is intentional. One can argue whether it is correct or not ;) One of the early users of XmlBuilder had a use case where they were using entites in the attribute values. That required ampersand to be passed "as-is" in the attribute value. Builder had options for quoting or not quoting text elements, but there is no similar mechanism for attribute values, so the default is to not quote and allow the user to quote by hand if needed. -- -- Jim Weirich jim-Fxty1mrVU9GlFc2d6oM/ew@public.gmane.org http://onestepback.org ----------------------------------------------------------------- "Beware of bugs in the above code; I have only proved it correct, not tried it." -- Donald Knuth (in a memo to Peter van Emde Boas)