First of all, thank you for your wonderful work with this package!

Today I came across a bug when generating an e-invoice where the seller's name had an ampersand (&) in their name:

Adding htmlspecialchars() to all method calls when creating the invoice of course fixed the problem.

My question is, maybe this package should call htmlspecialchars() on all values instead? I can't see any drawbacks. Another option could be to add a note about this in the documentation.

Another (more obtrusive) option would be to change your UXML package:

```php
public static function newInstance(string $name, ?string $value=null, array $attrs=[], DOMDocument $doc=null): self {
    $targetDoc = ($doc === null) ? new DOMDocument() : $doc;
    $domElement = $targetDoc->createElement($name); // <----
    $domElement->textContent = $value; // <----

    // Set attributes
    foreach ($attrs as $attrName=>$attrValue) {
        if ($attrName === "xmlns" || strpos($attrName, 'xmlns:') === 0) {
            $domElement->setAttributeNS('http://www.w3.org/2000/xmlns/', $attrName, $attrValue);
        } else {
            $domElement->setAttribute($attrName, $attrValue);
        }
    }

    // Create instance
    return new self($domElement);
}
```
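The options raised in the post, compared side by side as an added example (not code from the package or its author): each sink is fed the raw and the caller-escaped value, and the serialized element is re-parsed to see whether the original text survives. It assumes the value currently reaches `DOMDocument::createElement()` as its second argument, which this page does not show; the seller name is constructed, and `check()` and the two sink closures are hypothetical names.

```php
<?php
// Added example, not the package's code. The seller name is constructed sample input.
$name = 'Smith & Sons';

// Sink A (assumed current behaviour): the value is createElement()'s second
// argument, which libxml reads as XML content, so "&" must already be escaped.
$sinkCreateElement = function (DOMDocument $doc, string $v): DOMElement {
    return $doc->createElement('Name', $v);
};
// Sink B (the change proposed in the post): assign textContent, which stores
// the string as a text node and escapes it when the document is serialized.
$sinkTextContent = function (DOMDocument $doc, string $v): DOMElement {
    $el = $doc->createElement('Name');
    $el->textContent = $v;
    return $el;
};

/** Build with $sink, serialize, re-parse, and compare with the intended text. */
function check(callable $sink, string $value, string $expected): array {
    $warnings = [];
    set_error_handler(function (int $no, string $msg) use (&$warnings): bool {
        $warnings[] = $msg; // collect libxml warnings instead of printing them
        return true;
    });
    try {
        $doc = new DOMDocument('1.0', 'UTF-8');
        $xml = $doc->saveXML($doc->appendChild($sink($doc, $value)));
        $reader = new DOMDocument();
        $reader->loadXML($xml);
        $seen = $reader->documentElement ? $reader->documentElement->textContent : null;
    } finally {
        restore_error_handler();
    }
    return ['xml' => $xml, 'ok' => $seen === $expected, 'warnings' => count($warnings)];
}

// Caller-side workaround from the post, with XML flags made explicit.
$escaped = htmlspecialchars($name, ENT_XML1 | ENT_QUOTES, 'UTF-8');
$cases = [
    'createElement arg, raw value'   => [$sinkCreateElement, $name],
    'createElement arg, pre-escaped' => [$sinkCreateElement, $escaped],
    'textContent, raw value'         => [$sinkTextContent, $name],
    'textContent, pre-escaped'       => [$sinkTextContent, $escaped],
];
foreach ($cases as $label => [$sink, $value]) {
    $r = check($sink, $value, $name);
    printf("%-32s %-36s round-trip=%s warnings=%d\n", $label, $r['xml'],
        $r['ok'] ? 'ok' : 'MISMATCH', $r['warnings']);
}
```

Rows that report a mismatch are the combinations where the value is escaped zero times or twice on its way into the document, which is why callers that already wrap values in htmlspecialchars() need to drop that call if the library starts escaping at the sink.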