-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AbstractRequest.php Unescaped & in createElement() #74
Comments
@soeurdefeo just replacing any I will check if there is a way where we can fix this without open a other issue as described. |
@stefanpolzer what about using -> DOMDocument::createTextNode(html_entity_decode('https://example.com/path?param1=value2¶m2=value2')); |
@soeurdefeo can you check if this is now solved in the last PR #90 that was now merged into the master tree? |
doesn't work for me. Ampersand is never escaped.
Best practice is to use The question is if we could/should be backward compatible. If we have already escaped strings we shouldn't escape again otherwise we will have: It would be difficult if we want to support both escaped and not escaped versions:
Maybe Alternatively
|
The createElement() call in line 112 throws an warning (Warning: DOMDocument::createElement(): unterminated entity reference) and does not set ne child-node correct if you send e.g. for the errorURL an string with & because the value is not escaped by default in this method.
Please add before
Similiar is already done in Mpay24Order.php __set() method line 176.
The text was updated successfully, but these errors were encountered: