src_Utility_Xml.php.patch

Index: src/Utility/Xml.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- src/Utility/Xml.php	(date 1533778910000)
+++ src/Utility/Xml.php	(date 1533854824127)
@@ -341,7 +341,7 @@
         $format = $data['format'];
         $node = $data['node'];
 
-        $childNS = $childValue = null;
+        $childNS = $childValue = $isCdata = null;
         if (is_object($value) && method_exists($value, 'toArray') && is_callable([$value, 'toArray'])) {
             $value = call_user_func([$value, 'toArray']);
         }
@@ -350,6 +350,11 @@
                 $childValue = (string)$value['@'];
                 unset($value['@']);
             }
+            if (isset($value['!'])) {
+                $childValue = (string)$value['!'];
+                $isCdata = true;
+                unset($value['!']);
+            }
             if (isset($value['xmlns:'])) {
                 $childNS = $value['xmlns:'];
                 unset($value['xmlns:']);
@@ -360,7 +365,11 @@
 
         $child = $dom->createElement($key);
         if ($childValue !== null) {
-            $child->appendChild($dom->createTextNode($childValue));
+            if (!$isCdata) {
+                $child->appendChild($dom->createTextNode($childValue));
+            } else {
+                $child->appendChild($dom->createCDATASection($childValue));
+            }
         }
         if ($childNS) {
             $child->setAttribute('xmlns', $childNS);

Usage:

'node' => [
    '!' => 'cdata content'
]

Is it possible to implement this function in the PHP CAKE release?

It should be possible... I'm not sure why I never tried to add it. I remember there were some problems, for example it would only work for generating XML, not for parsing, at least not when using SimpleXML, as it doesn't expose CDATA information.

I can add a pullrequest. CDATA is really good for generating XML, where I need data with unsafe characters.

I'm not sure what this Gist was for, probably just an example, it shouldn't go into the core as-is! In case that was your question? It would need proper handling in _fromArray() as well as in _createChild().

I understand, but I'm not sure if I could work it into the code correctly :)

As far as safety is concerned, the current implementation in the core should be fine, special characters should automatically be entity encoded. Do you possibly have a specific use case where invalid characters slip through?

You're right, HTML characters are converted into entities... The question is if it's OK, if I wanted to import this data from XML into the database, I already have them changed as entities. It's not the kind of HTML I'd like to have stored in the database. Therefore, if it is in CDATA, it can contain all HTML without entities.

An XML processor must expand entities and character references, meaning when reading the XML document and extracting data from it, you should get back the original plain text.

Thanks for the explanation, so it's correct.