XML-RPC: Escape XHTML special characters
-
[ Moderator note: moved to How-to and Troubleshooting. ]
Hi,
I’m using the XML-RPC-API, namely the
wp.getPostsmethod. The result is rather surprising in my opinion when it comes to the escaping of XML special characters and embedded XHTML. If I write a new post which contains a less-than character, in the XML-RPC result it is correctly XML encoded as<. If I write a new post which contains<a href="https://www.example.org">example</a>that is interpreted as HTML link by WordPress automatically and gets rendered as actual link by the browser when visiting the page, the less-than and greater-than characters end up XML encoded as well, indistinguishable from ordinary XML special characters without special meaning for the HTML output of WordPress. For reading the XML-RPC result with XML tools, it is neither possible to access the XHTML link as a legitimate XML element, nor is it safe to unescape the XML special character entities, because this would leave the link as intact XML, but an unrelated, ordinary less-than character in the text would break the well-formedness.If WordPress interprets some HTML input in a special way anyway, I would suggest to output it in XML-RPC with its own namespace,
xmlns:xhtmlfor instance. If the escaping stays inconsistent, the XML-RPC output is pretty useless for me. Please note that the HTML output doesn’t escape XML special characters at all, so this output format isn’t an option for me either.
-
I found out that the XML-RPC output is XML encoded twice: once as data in the WordPress database and a second time by
IXR_Value->getXml()in$/wp-includes/class-IXR.php. It seems feasible to un-escape text nodes one time, so the actual database content/form input is retrieved.
- The topic ‘XML-RPC: Escape XHTML special characters’ is closed to new replies.