Entity escaping from innerHTML() and html()

[technosophos]

When getting fragments of a document with html() or innerHTML(), some entities (NBSP, BULL) are not escaped on output, but are left in as UTF-8 character sequences.

This causes other PHP functions (like htmlentities()) to do weird things when the encoding argument is passed in.

Examle code:

<?php
$html = "<!DOCTYPE html><html><body>This is a string with a
non&nbsp;breaking space in it</body></html>";
$QP = htmlqp($html, 'html', array('convert_to_encoding' => 'utf-8'));
//$QP = htmlqp($html, 'html');
$QP = qp($html, 'html');

echo '1. ' . htmlentities($QP->html()) . PHP_EOL;
echo '2. ' . htmlentities($QP->top('body')->html()) . PHP_EOL;
echo '3. ' . htmlentities($QP->innerhtml()) . PHP_EOL;

echo '4. ' . htmlentities($QP->top('body')->html(), ENT_COMPAT, 'utf-8') . PHP_EOL;
?>

Only 1 and 4 encode the entities as expected.

[csplrj]

this issue comes even when I am modifying the contents using ->html(' ').

CSJakharia

[technosophos]

This is a slightly different issue, and it has to do with the fact that replace_entities has to be turned on for QueryPath to replace the entities automatically. For some reason, I turned that off in htmlqp().

The workaround is to use:

$options = array('replace_entities' => TRUE);
htmlqp(QueryPath::HTML_STUB, 'body', $options)->html($txt1)->writeHTML();

I'm going to look into the matter a little more and see if I can remember why I turned off replace_entities in htmlqp. (For XML, entity resolution is done differently, so I can't really "fix" it for qp() in general.

[dbot]

I tried your example code above inserting the line below just before the first echo -
$QP->branch('body')->append(' <b>-&nbsp;-</b>');

Warnings were generated (which could be supressed using @) and the string was ignored. The solution was to modify the line to $QP->branch('body')->append(htmlqp('<b>-&nbsp;-</b>'));
(Note: if a single &nbsp; is used on its own it will get replaced. Two &nbsp; or &nbsp; and other text is not affected.)

The warnings were:
Warning: DOMDocumentFragment::appendXML(): Entity: line 1: parser error : Entity 'nbsp' not defined in QueryPath\DOMQuery.php on line 1746

Warning: DOMDocumentFragment::appendXML(): - - in QueryPath\DOMQuery.php on line 1746

Warning: DOMDocumentFragment::appendXML(): ^ in QueryPath\DOMQuery.php on line 1746

Warning: DOMDocumentFragment::appendXML(): Entity: line 1: parser error : chunk is not well balanced in QueryPath\DOMQuery.php on line 1746

Warning: DOMDocumentFragment::appendXML(): - - in QueryPath\DOMQuery.php on line 1746

Warning: DOMDocumentFragment::appendXML(): ^ in QueryPath\DOMQuery.php on line 1746

[technosophos]

When working with XML, you need to use the character decimal value, not the HTML name. So it would be   instead of  .

The reason for this is that the XML spec does not define the vast majority of the HTML character entities, but it supports the ASCII ones.

[dbot]

That is correct for XML; however, here you are working with HTML and &nbsp; is valid. In any case, the workaround is simple enough.

[hakre]

When getting fragments of a document with html() or innerHTML(), some entities (NBSP, BULL) are not escaped on output, but are left in as UTF-8 character sequences.

This is hardly not an issue at all. Your examples shows that UTF-8 encoding is used, so the entities you miss are optional and more specifically not necessary even superfluous. Because you don't need them in UTF-8.

You might want to specify US-ASCII encoding instead if you really look for those entities.