josemmo / einvoicing

Library for reading and creating European-compliant electronic invoices (EN 16931)
https://josemmo.github.io/einvoicing/
MIT License

How to best handle XML entities #3

Closed Kekos closed 3 years ago

Kekos commented 3 years ago

First of all, thank you for your wonderful work with this package!

Today I came across a bug when generating an e-invoice where the seller's name had an ampersand (&) in their name:

    DOMDocument::createElement(): unterminated entity reference REDACTED

    REDACTED\vendor\josemmo\uxml\src\UXML.php:66
    REDACTED\vendor\josemmo\uxml\src\UXML.php:130

Adding htmlspecialchars() to all method calls when creating the invoice of course fixed the problem.

My question is, maybe this package should call htmlspecialchars() on all values instead? I can't see any drawbacks. Another option could be to add a note about this in the documentation.

Another (more obtrusive) option would be to change your UXML package:

    public static function newInstance(string $name, ?string $value=null, array $attrs=[], DOMDocument $doc=null): self {
        $targetDoc = ($doc === null) ? new DOMDocument() : $doc;
        $domElement = $targetDoc->createElement($name); // <----
        $domElement->textContent = $value; // <----

        // Set attributes
        foreach ($attrs as $attrName=>$attrValue) {
            if ($attrName === "xmlns" || strpos($attrName, 'xmlns:') === 0) {
                $domElement->setAttributeNS('http://www.w3.org/2000/xmlns/', $attrName, $attrValue);
            } else {
                $domElement->setAttribute($attrName, $attrValue);
            }
        }

        // Create instance
        return new self($domElement);
    }
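
As an added illustration (not code from this issue, from einvoicing or from UXML), the following script shows why a bare `&` breaks `DOMDocument::createElement($name, $value)`, why assigning `textContent` (as in the suggested patch) needs no escaping, and why doing both escapes the name twice. It assumes PHP with ext-dom; the `Name` element and the seller string are made up for the demo.

```php
<?php
// Added illustration, not code from the issue or from einvoicing/UXML.
// Demonstrates where XML escaping must happen (in exactly one place).

// Mirror the reporter's environment, where PHP warnings surface as exceptions.
set_error_handler(function (int $no, string $msg, string $file, int $line): bool {
    throw new ErrorException($msg, 0, $no, $file, $line);
});

/** Serialise a <Name> element for $seller using one of four strategies. */
function serialiseName(string $seller, bool $preEscape, bool $viaTextContent): string {
    $doc = new DOMDocument('1.0', 'UTF-8');
    $text = $preEscape
        ? htmlspecialchars($seller, ENT_XML1 | ENT_QUOTES, 'UTF-8') // reporter's workaround
        : $seller;
    if ($viaTextContent) {
        // textContent (like createTextNode) stores raw text; libxml escapes it on output.
        $el = $doc->createElement('Name');
        $el->textContent = $text;
    } else {
        // The $value argument is parsed as XML content, so '&' must already be escaped.
        $el = $doc->createElement('Name', $text);
    }
    $doc->appendChild($el);
    return $doc->saveXML($el);
}

$seller = 'Smith & Sons'; // constructed sample seller name containing '&'
$cases = [
    'raw value argument'     => [false, false], // emits "unterminated entity reference"
    'escaped value argument' => [true,  false], // escaped once: correct
    'raw textContent'        => [false, true],  // escaped once by libxml: correct
    'escaped textContent'    => [true,  true],  // escaped twice: double-encoded '&'
];
foreach ($cases as $label => [$preEscape, $viaTextContent]) {
    try {
        echo $label, ': ', serialiseName($seller, $preEscape, $viaTextContent), PHP_EOL;
    } catch (ErrorException $e) {
        echo $label, ': ', $e->getMessage(), PHP_EOL;
    }
}
```

The practical consequence for callers: once the library escapes values itself (via `textContent`), application code must stop calling `htmlspecialchars()` on them, or the invoice will carry `&amp;amp;` instead of `&`.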
josemmo commented 3 years ago

Hi, @Kekos!

Thanks for reporting this bug. I've just released a new version of the library (v0.1.1-beta) which should fix it.

Regards, José Miguel

Kekos commented 3 years ago

That's great!