4

I'm trying to guide a colleague towards the most correct way of sending an XML document in a SOAP message, but I'm no expert on the subject. It seems like something that should be solvable using a CDATA section, but a default gSOAP serializer is 'helping' by encoding all '<' and '>'.

For example, when we try to send this:

<xml>
    <tag>
        <content>
            <![CDATA[<xml><tag>Text!</tag></xml>]]>
        </content>
    </tag>
</xml>

What actually gets sent is more like this:

<xml>
    <tag>
        <content>
            &lt;![CDATA[&lt;xml&gt;&lt;tag&gt;Text!&lt;/tag&gt;&lt;/xml&gt;]]&gt;
        </content>
    </tag>
</xml>

If the receiver was also gSOAP based we may transparently get away with that without even needing the CDATA markers, but that is not the case. The receiver is some PHP code, so using html_entity_decode may work, but it feels wrong (and perhaps wouldn't work in all cases?).

I was hoping/expecting the solution would be to specify a different type for the field (currently 'xsd:string') so that a dumber serializer got used, preserving the CDATA markers and the content within.

I'd like to avoid any in-house wheel-reinvention if there's a simple and correct way to solve this (base64 encoding the payload is being proposed).

Chris
  • 3,445
  • 3
  • 22
  • 28

2 Answers2

2

I would absolutely recommend against using CDATA to wrap your data, even though it seems like the most convenient solution.

The main reason is that CDATA is supposed to denote Character Data and as your content element is essentially nested XML (i.e. data), technically its use here is incorrect.

There are two solutions I would propose in this case:

  1. Redefine the type of your content element to be a Complex Element (can get messy, especially if you want your content element to support different schemas).
  2. Encode the content value (Base64 or HTML entities, depending on your requirement).

I realise that this probably isn't what you want to hear, but having been in the same position before and fumbling about with CDATA before actually understanding its intended use (https://www.w3.org/TR/REC-xml/#sec-cdata-sect), I feel that the two options above are the best ways to go.

aseriesofdarkcaves
  • 124
  • 1
  • 2
  • 13
0

The serializer is presumably taking your input as text instead of XML… so just leave the CDATA markers out of the text and let it use character references instead of CDATA markers.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • 3
    That feels like "getting away with it" rather than "doing it correctly". Also, it means the receiver needs to treat the arriving data in a non-standard way. – Chris Nov 05 '14 at 09:30
  • No, it doesn't. XML character references are entirely standard. – Quentin Nov 05 '14 at 09:40