#483. Output escaping for ODF.

Author: Roman Syroeshko

README.md

@@ -149,7 +149,7 @@ $objWriter->save('helloWorld.html');
 /* Note: we skip RTF, because it's not XML-based and requires a different example. */
 /* Note: we skip PDF, because "HTML-to-PDF" approach is used to create PDF documents. */
 ```
-:warning: Escape any string you pass to ODF/HTML document, otherwise it may get broken.
+:warning: Escape any string you pass to HTML document, otherwise it may get broken.
 
 More examples are provided in the [samples folder](samples/). You can also read the [Developers' Documentation](http://phpword.readthedocs.org/) and the [API Documentation](http://phpoffice.github.io/PHPWord/docs/master/) for more detail.
 

src/PhpWord/Writer/ODText/Element/Link.php

@@ -16,6 +16,7 @@
  */
 
 namespace PhpOffice\PhpWord\Writer\ODText\Element;
+use PhpOffice\PhpWord\Settings;
 
 /**
  * Text element writer
@@ -42,7 +43,11 @@ public function write()
         $xmlWriter->startElement('text:a');
         $xmlWriter->writeAttribute('xlink:type', 'simple');
         $xmlWriter->writeAttribute('xlink:href', $element->getSource());
-        $xmlWriter->writeRaw($element->getText());
+        if (Settings::isOutputEscapingEnabled()) {
+            $xmlWriter->text($element->getText());
+        } else {
+            $xmlWriter->writeRaw($element->getText());
+        }
         $xmlWriter->endElement(); // text:a
 
         if (!$this->withoutP) {

src/PhpWord/Writer/ODText/Element/Text.php

@@ -18,6 +18,7 @@
 namespace PhpOffice\PhpWord\Writer\ODText\Element;
 
 use PhpOffice\PhpWord\Exception\Exception;
+use PhpOffice\PhpWord\Settings;
 
 /**
  * Text element writer
@@ -56,7 +57,11 @@ public function write()
                 } elseif (is_string($paragraphStyle)) {
                     $xmlWriter->writeAttribute('text:style-name', $paragraphStyle);
                 }
-                $xmlWriter->writeRaw($element->getText());
+                if (Settings::isOutputEscapingEnabled()) {
+                    $xmlWriter->text($element->getText());
+                } else {
+                    $xmlWriter->writeRaw($element->getText());
+                }
             } else {
                 if (empty($paragraphStyle)) {
                     $xmlWriter->writeAttribute('text:style-name', 'Standard');
@@ -68,7 +73,11 @@ public function write()
                 if (is_string($fontStyle)) {
                     $xmlWriter->writeAttribute('text:style-name', $fontStyle);
                 }
-                $xmlWriter->writeRaw($element->getText());
+                if (Settings::isOutputEscapingEnabled()) {
+                    $xmlWriter->text($element->getText());
+                } else {
+                    $xmlWriter->writeRaw($element->getText());
+                }
                 $xmlWriter->endElement();
             }
             if (!$this->withoutP) {

src/PhpWord/Writer/ODText/Element/Title.php

@@ -16,6 +16,7 @@
  */
 
 namespace PhpOffice\PhpWord\Writer\ODText\Element;
+use PhpOffice\PhpWord\Settings;
 
 /**
  * Title element writer
@@ -37,7 +38,11 @@ public function write()
 
         $xmlWriter->startElement('text:h');
         $xmlWriter->writeAttribute('text:outline-level', $element->getDepth());
-        $xmlWriter->writeRaw($element->getText());
+        if (Settings::isOutputEscapingEnabled()) {
+            $xmlWriter->text($element->getText());
+        } else {
+            $xmlWriter->writeRaw($element->getText());
+        }
         $xmlWriter->endElement(); // text:h
     }
 }

src/PhpWord/Writer/ODText/Part/Meta.php

@@ -18,6 +18,7 @@
 namespace PhpOffice\PhpWord\Writer\ODText\Part;
 
 use PhpOffice\Common\XMLWriter;
+use PhpOffice\PhpWord\Settings;
 
 /**
  * ODText meta part writer: meta.xml
@@ -100,7 +101,11 @@ private function writeCustomProperty(XMLWriter $xmlWriter, $property, $value)
         // if ($type !== null) {
         //     $xmlWriter->writeAttribute('meta:value-type', $type);
         // }
-        $xmlWriter->writeRaw($value);
+        if (Settings::isOutputEscapingEnabled()) {
+            $xmlWriter->text($value);    
+        } else {
+            $xmlWriter->writeRaw($value);
+        }
         $xmlWriter->endElement(); // meta:user-defined
     }
 }

tests/PhpWord/Writer/ODText/Part/ContentTest.php

@@ -56,35 +56,35 @@ public function testWriteContent()
         $phpWord->addTableStyle('tblStyle', array('width' => 100));
 
         $section = $phpWord->addSection(array('colsNum' => 2));
-        $section->addText(htmlspecialchars($expected, ENT_COMPAT, 'UTF-8'));
-        $section->addText(htmlspecialchars('Test font style', ENT_COMPAT, 'UTF-8'), 'Font');
-        $section->addText(htmlspecialchars('Test paragraph style', ENT_COMPAT, 'UTF-8'), null, 'Paragraph');
-        $section->addLink('https://github.com/PHPOffice/PHPWord', htmlspecialchars('PHPWord on GitHub', ENT_COMPAT, 'UTF-8'));
-        $section->addTitle(htmlspecialchars('Test title', ENT_COMPAT, 'UTF-8'), 1);
+        $section->addText($expected);
+        $section->addText('Test font style', 'Font');
+        $section->addText('Test paragraph style', null, 'Paragraph');
+        $section->addLink('https://github.com/PHPOffice/PHPWord', 'PHPWord on GitHub');
+        $section->addTitle('Test title', 1);
         $section->addTextBreak();
         $section->addPageBreak();
-        $section->addListItem(htmlspecialchars('Test list item', ENT_COMPAT, 'UTF-8'));
+        $section->addListItem('Test list item');
         $section->addImage($imageSrc, array('width' => 50));
         $section->addObject($objectSrc);
         $section->addTOC();
 
         $textrun = $section->addTextRun();
-        $textrun->addText(htmlspecialchars('Test text run', ENT_COMPAT, 'UTF-8'));
+        $textrun->addText('Test text run');
 
         $table = $section->addTable(array('width' => 50));
         $cell = $table->addRow()->addCell();
         $cell = $table->addRow()->addCell();
-        $cell->addText(htmlspecialchars('Test', ENT_COMPAT, 'UTF-8'));
-        $cell->addLink('https://github.com/PHPOffice/PHPWord', htmlspecialchars('PHPWord on GitHub', ENT_COMPAT, 'UTF-8'));
+        $cell->addText('Test');
+        $cell->addLink('https://github.com/PHPOffice/PHPWord', 'PHPWord on GitHub');
         $cell->addTextBreak();
-        $cell->addListItem(htmlspecialchars('Test list item', ENT_COMPAT, 'UTF-8'));
+        $cell->addListItem('Test list item');
         $cell->addImage($imageSrc);
         $cell->addObject($objectSrc);
         $textrun = $cell->addTextRun();
-        $textrun->addText(htmlspecialchars('Test text run', ENT_COMPAT, 'UTF-8'));
+        $textrun->addText('Test text run');
 
         $footer = $section->addFooter();
-        $footer->addPreserveText(htmlspecialchars('{PAGE}', ENT_COMPAT, 'UTF-8'));
+        $footer->addPreserveText('{PAGE}');
 
         $table = $section->addTable('tblStyle')->addRow()->addCell();
 

tests/PhpWord/Writer/ODTextTest.php

@@ -73,20 +73,20 @@ public function testSave()
         $phpWord->addFontStyle('Font', array('size' => 11));
         $phpWord->addParagraphStyle('Paragraph', array('alignment' => Jc::CENTER));
         $section = $phpWord->addSection();
-        $section->addText(htmlspecialchars('Test 1', ENT_COMPAT, 'UTF-8'), 'Font');
+        $section->addText('Test 1', 'Font');
         $section->addTextBreak();
-        $section->addText(htmlspecialchars('Test 2', ENT_COMPAT, 'UTF-8'), null, 'Paragraph');
+        $section->addText('Test 2', null, 'Paragraph');
         $section->addLink('https://github.com/PHPOffice/PHPWord');
-        $section->addTitle(htmlspecialchars('Test', ENT_COMPAT, 'UTF-8'), 1);
+        $section->addTitle('Test', 1);
         $section->addPageBreak();
-        $section->addTable()->addRow()->addCell()->addText(htmlspecialchars('Test', ENT_COMPAT, 'UTF-8'));
-        $section->addListItem(htmlspecialchars('Test', ENT_COMPAT, 'UTF-8'));
+        $section->addTable()->addRow()->addCell()->addText('Test');
+        $section->addListItem('Test');
         $section->addImage($imageSrc);
         $section->addObject($objectSrc);
         $section->addTOC();
         $section = $phpWord->addSection();
         $textrun = $section->addTextRun();
-        $textrun->addText(htmlspecialchars('Test 3', ENT_COMPAT, 'UTF-8'));
+        $textrun->addText('Test 3');
         $writer = new ODText($phpWord);
         $writer->save($file);
 
@@ -104,7 +104,7 @@ public function testSavePhpOutput()
     {
         $phpWord = new PhpWord();
         $section = $phpWord->addSection();
-        $section->addText(htmlspecialchars('Test', ENT_COMPAT, 'UTF-8'));
+        $section->addText('Test');
         $writer = new ODText($phpWord);
         $writer->save('php://output');
     }