PHPOffice#483. Output escaping for OOXML.

Author: Roman Syroeshko

README.md

@@ -93,11 +93,9 @@ $phpWord = new \PhpOffice\PhpWord\PhpWord();
 $section = $phpWord->addSection();
 // Adding Text element to the Section having font styled by default...
 $section->addText(
-    htmlspecialchars(
-        '"Learn from yesterday, live for today, hope for tomorrow. '
-            . 'The important thing is not to stop questioning." '
-            . '(Albert Einstein)'
-    )
+    '"Learn from yesterday, live for today, hope for tomorrow. '
+        . 'The important thing is not to stop questioning." '
+        . '(Albert Einstein)'
 );
 
 /*
@@ -109,11 +107,9 @@ $section->addText(
 
 // Adding Text element with font customized inline...
 $section->addText(
-    htmlspecialchars(
-        '"Great achievement is usually born of great sacrifice, '
-            . 'and is never the result of selfishness." '
-            . '(Napoleon Hill)'
-    ),
+    '"Great achievement is usually born of great sacrifice, '
+        . 'and is never the result of selfishness." '
+        . '(Napoleon Hill)',
     array('name' => 'Tahoma', 'size' => 10)
 );
 
@@ -124,11 +120,9 @@ $phpWord->addFontStyle(
     array('name' => 'Tahoma', 'size' => 10, 'color' => '1B2232', 'bold' => true)
 );
 $section->addText(
-    htmlspecialchars(
-        '"The greatest accomplishment is not in never falling, '
-            . 'but in rising again after you fall." '
-            . '(Vince Lombardi)'
-    ),
+    '"The greatest accomplishment is not in never falling, '
+        . 'but in rising again after you fall." '
+        . '(Vince Lombardi)',
     $fontStyleName
 );
 
@@ -137,9 +131,7 @@ $fontStyle = new \PhpOffice\PhpWord\Style\Font();
 $fontStyle->setBold(true);
 $fontStyle->setName('Tahoma');
 $fontStyle->setSize(13);
-$myTextElement = $section->addText(
-    htmlspecialchars('"Believe you can and you\'re halfway there." (Theodor Roosevelt)')
-);
+$myTextElement = $section->addText('"Believe you can and you\'re halfway there." (Theodor Roosevelt)');
 $myTextElement->setFontStyle($fontStyle);
 
 // Saving the document as OOXML file...

docs/general.rst

@@ -24,13 +24,9 @@ folder <https://github.com/PHPOffice/PHPWord/tree/master/samples/>`__.
     $section = $phpWord->addSection();
     // Adding Text element to the Section having font styled by default...
     $section->addText(
-        htmlspecialchars(
-            '"Learn from yesterday, live for today, hope for tomorrow. '
-                . 'The important thing is not to stop questioning." '
-                . '(Albert Einstein)',
-            ENT_COMPAT,
-            'UTF-8'
-        )
+        '"Learn from yesterday, live for today, hope for tomorrow. '
+            . 'The important thing is not to stop questioning." '
+            . '(Albert Einstein)'
     );
 
     /*
@@ -42,13 +38,9 @@ folder <https://github.com/PHPOffice/PHPWord/tree/master/samples/>`__.
 
     // Adding Text element with font customized inline...
     $section->addText(
-        htmlspecialchars(
-            '"Great achievement is usually born of great sacrifice, '
-                . 'and is never the result of selfishness." '
-                . '(Napoleon Hill)',
-            ENT_COMPAT,
-            'UTF-8'
-        ),
+        '"Great achievement is usually born of great sacrifice, '
+            . 'and is never the result of selfishness." '
+            . '(Napoleon Hill)',
         array('name' => 'Tahoma', 'size' => 10)
     );
 
@@ -59,13 +51,9 @@ folder <https://github.com/PHPOffice/PHPWord/tree/master/samples/>`__.
         array('name' => 'Tahoma', 'size' => 10, 'color' => '1B2232', 'bold' => true)
     );
     $section->addText(
-        htmlspecialchars(
-            '"The greatest accomplishment is not in never falling, '
-                . 'but in rising again after you fall." '
-                . '(Vince Lombardi)',
-            ENT_COMPAT,
-            'UTF-8'
-        ),
+        '"The greatest accomplishment is not in never falling, '
+            . 'but in rising again after you fall." '
+            . '(Vince Lombardi)',
         $fontStyleName
     );
 
@@ -74,9 +62,7 @@ folder <https://github.com/PHPOffice/PHPWord/tree/master/samples/>`__.
     $fontStyle->setBold(true);
     $fontStyle->setName('Tahoma');
     $fontStyle->setSize(13);
-    $myTextElement = $section->addText(
-        htmlspecialchars('"Believe you can and you\'re halfway there." (Theodor Roosevelt)', ENT_COMPAT, 'UTF-8')
-    );
+    $myTextElement = $section->addText('"Believe you can and you\'re halfway there." (Theodor Roosevelt)');
     $myTextElement->setFontStyle($fontStyle);
 
     // Saving the document as OOXML file...
@@ -130,8 +116,22 @@ included with PHPWord.
 
     \PhpOffice\PhpWord\Settings::setZipClass(\PhpOffice\PhpWord\Settings::PCLZIP);
 
+Output escaping
+~~~~~~~~~~~~~~~
+
+Writing documents of some formats, especially XML-based, requires correct output escaping.
+Without it your document may become broken when you put special characters like ampersand, quotes, and others in it.
+
+Escaping can be performed in two ways: outside of the library by a software developer and inside of the library by built-in mechanism.
+By default, the built-in mechanism is disabled for backward compatibility with versions prior to v0.13.0.
+To turn it on set ``outputEscapingEnabled`` option to ``true`` in your PHPWord configuration file or use the following instruction at runtime:
+
+.. code-block:: php
+
+    \PhpOffice\PhpWord\Settings::setOutputEscapingEnabled(true);
+
 Default font
-------------
+~~~~~~~~~~~~
 
 By default, every text appears in Arial 10 point. You can alter the
 default font by using the following two functions:

phpword.ini.dist

@@ -3,11 +3,12 @@
 
 [General]
 
-compatibility   = true
-zipClass        = ZipArchive
-pdfRendererName = DomPDF
-pdfRendererPath =
-; tempDir         = "C:\PhpWordTemp"
+compatibility         = true
+zipClass              = ZipArchive
+pdfRendererName       = DomPDF
+pdfRendererPath       =
+; tempDir               = "C:\PhpWordTemp"
+outputEscapingEnabled = false
 
 [Font]
 

samples/Sample_01_SimpleText.php

@@ -4,24 +4,29 @@
 // New Word Document
 echo date('H:i:s') , ' Create new PhpWord object' , EOL;
 $phpWord = new \PhpOffice\PhpWord\PhpWord();
-$phpWord->addFontStyle('rStyle', array('bold' => true, 'italic' => true, 'size' => 16, 'allCaps' => true, 'doubleStrikethrough' => true));
-$phpWord->addParagraphStyle('pStyle', array('alignment' => \PhpOffice\PhpWord\SimpleType\Jc::CENTER, 'spaceAfter' => 100));
+
+$fontStyleName = 'rStyle';
+$phpWord->addFontStyle($fontStyleName, array('bold' => true, 'italic' => true, 'size' => 16, 'allCaps' => true, 'doubleStrikethrough' => true));
+
+$paragraphStyleName = 'pStyle';
+$phpWord->addParagraphStyle($paragraphStyleName, array('alignment' => \PhpOffice\PhpWord\SimpleType\Jc::CENTER, 'spaceAfter' => 100));
+
 $phpWord->addTitleStyle(1, array('bold' => true), array('spaceAfter' => 240));
 
 // New portrait section
 $section = $phpWord->addSection();
 
 // Simple text
-$section->addTitle(htmlspecialchars('Welcome to PhpWord', ENT_COMPAT, 'UTF-8'), 1);
-$section->addText(htmlspecialchars('Hello World!', ENT_COMPAT, 'UTF-8'));
+$section->addTitle('Welcome to PhpWord', 1);
+$section->addText('Hello World!');
 
 // Two text break
 $section->addTextBreak(2);
 
-// Defined style
-$section->addText(htmlspecialchars('I am styled by a font style definition.', ENT_COMPAT, 'UTF-8'), 'rStyle');
-$section->addText(htmlspecialchars('I am styled by a paragraph style definition.', ENT_COMPAT, 'UTF-8'), null, 'pStyle');
-$section->addText(htmlspecialchars('I am styled by both font and paragraph style.', ENT_COMPAT, 'UTF-8'), 'rStyle', 'pStyle');
+// Define styles
+$section->addText('I am styled by a font style definition.', $fontStyleName);
+$section->addText('I am styled by a paragraph style definition.', null, $paragraphStyleName);
+$section->addText('I am styled by both font and paragraph style.', $fontStyleName, $paragraphStyleName);
 
 $section->addTextBreak();
 
@@ -30,39 +35,39 @@
 $fontStyle['size'] = 20;
 
 $textrun = $section->addTextRun();
-$textrun->addText(htmlspecialchars('I am inline styled ', ENT_COMPAT, 'UTF-8'), $fontStyle);
-$textrun->addText(htmlspecialchars('with ', ENT_COMPAT, 'UTF-8'));
-$textrun->addText(htmlspecialchars('color', ENT_COMPAT, 'UTF-8'), array('color' => '996699'));
-$textrun->addText(htmlspecialchars(', ', ENT_COMPAT, 'UTF-8'));
-$textrun->addText(htmlspecialchars('bold', ENT_COMPAT, 'UTF-8'), array('bold' => true));
-$textrun->addText(htmlspecialchars(', ', ENT_COMPAT, 'UTF-8'));
-$textrun->addText(htmlspecialchars('italic', ENT_COMPAT, 'UTF-8'), array('italic' => true));
-$textrun->addText(htmlspecialchars(', ', ENT_COMPAT, 'UTF-8'));
-$textrun->addText(htmlspecialchars('underline', ENT_COMPAT, 'UTF-8'), array('underline' => 'dash'));
-$textrun->addText(htmlspecialchars(', ', ENT_COMPAT, 'UTF-8'));
-$textrun->addText(htmlspecialchars('strikethrough', ENT_COMPAT, 'UTF-8'), array('strikethrough' => true));
-$textrun->addText(htmlspecialchars(', ', ENT_COMPAT, 'UTF-8'));
-$textrun->addText(htmlspecialchars('doubleStrikethrough', ENT_COMPAT, 'UTF-8'), array('doubleStrikethrough' => true));
-$textrun->addText(htmlspecialchars(', ', ENT_COMPAT, 'UTF-8'));
-$textrun->addText(htmlspecialchars('superScript', ENT_COMPAT, 'UTF-8'), array('superScript' => true));
-$textrun->addText(htmlspecialchars(', ', ENT_COMPAT, 'UTF-8'));
-$textrun->addText(htmlspecialchars('subScript', ENT_COMPAT, 'UTF-8'), array('subScript' => true));
-$textrun->addText(htmlspecialchars(', ', ENT_COMPAT, 'UTF-8'));
-$textrun->addText(htmlspecialchars('smallCaps', ENT_COMPAT, 'UTF-8'), array('smallCaps' => true));
-$textrun->addText(htmlspecialchars(', ', ENT_COMPAT, 'UTF-8'));
-$textrun->addText(htmlspecialchars('allCaps', ENT_COMPAT, 'UTF-8'), array('allCaps' => true));
-$textrun->addText(htmlspecialchars(', ', ENT_COMPAT, 'UTF-8'));
-$textrun->addText(htmlspecialchars('fgColor', ENT_COMPAT, 'UTF-8'), array('fgColor' => 'yellow'));
-$textrun->addText(htmlspecialchars(', ', ENT_COMPAT, 'UTF-8'));
-$textrun->addText(htmlspecialchars('scale', ENT_COMPAT, 'UTF-8'), array('scale' => 200));
-$textrun->addText(htmlspecialchars(', ', ENT_COMPAT, 'UTF-8'));
-$textrun->addText(htmlspecialchars('spacing', ENT_COMPAT, 'UTF-8'), array('spacing' => 120));
-$textrun->addText(htmlspecialchars(', ', ENT_COMPAT, 'UTF-8'));
-$textrun->addText(htmlspecialchars('kerning', ENT_COMPAT, 'UTF-8'), array('kerning' => 10));
-$textrun->addText(htmlspecialchars('. ', ENT_COMPAT, 'UTF-8'));
+$textrun->addText('I am inline styled ', $fontStyle);
+$textrun->addText('with ');
+$textrun->addText('color', array('color' => '996699'));
+$textrun->addText(', ');
+$textrun->addText('bold', array('bold' => true));
+$textrun->addText(', ');
+$textrun->addText('italic', array('italic' => true));
+$textrun->addText(', ');
+$textrun->addText('underline', array('underline' => 'dash'));
+$textrun->addText(', ');
+$textrun->addText('strikethrough', array('strikethrough' => true));
+$textrun->addText(', ');
+$textrun->addText('doubleStrikethrough', array('doubleStrikethrough' => true));
+$textrun->addText(', ');
+$textrun->addText('superScript', array('superScript' => true));
+$textrun->addText(', ');
+$textrun->addText('subScript', array('subScript' => true));
+$textrun->addText(', ');
+$textrun->addText('smallCaps', array('smallCaps' => true));
+$textrun->addText(', ');
+$textrun->addText('allCaps', array('allCaps' => true));
+$textrun->addText(', ');
+$textrun->addText('fgColor', array('fgColor' => 'yellow'));
+$textrun->addText(', ');
+$textrun->addText('scale', array('scale' => 200));
+$textrun->addText(', ');
+$textrun->addText('spacing', array('spacing' => 120));
+$textrun->addText(', ');
+$textrun->addText('kerning', array('kerning' => 10));
+$textrun->addText('. ');
 
 // Link
-$section->addLink('https://github.com/PHPOffice/PHPWord', htmlspecialchars('PHPWord on GitHub', ENT_COMPAT, 'UTF-8'));
+$section->addLink('https://github.com/PHPOffice/PHPWord', 'PHPWord on GitHub');
 $section->addTextBreak();
 
 // Image

samples/Sample_02_TabStops.php

@@ -5,9 +5,10 @@
 echo date('H:i:s'), ' Create new PhpWord object', EOL;
 $phpWord = new \PhpOffice\PhpWord\PhpWord();
 
-// Ads styles
+// Define styles
+$multipleTabsStyleName = 'multipleTab';
 $phpWord->addParagraphStyle(
-    'multipleTab',
+    $multipleTabsStyleName,
     array(
         'tabs' => array(
             new \PhpOffice\PhpWord\Style\Tab('left', 1550),
@@ -16,22 +17,20 @@
         )
     )
 );
-$phpWord->addParagraphStyle(
-    'rightTab',
-    array('tabs' => array(new \PhpOffice\PhpWord\Style\Tab('right', 9090)))
-);
-$phpWord->addParagraphStyle(
-    'centerTab',
-    array('tabs' => array(new \PhpOffice\PhpWord\Style\Tab('center', 4680)))
-);
+
+$rightTabStyleName = 'rightTab';
+$phpWord->addParagraphStyle($rightTabStyleName, array('tabs' => array(new \PhpOffice\PhpWord\Style\Tab('right', 9090))));
+
+$leftTabStyleName = 'centerTab';
+$phpWord->addParagraphStyle($leftTabStyleName, array('tabs' => array(new \PhpOffice\PhpWord\Style\Tab('center', 4680))));
 
 // New portrait section
 $section = $phpWord->addSection();
 
 // Add listitem elements
-$section->addText(htmlspecialchars("Multiple Tabs:\tOne\tTwo\tThree", ENT_COMPAT, 'UTF-8'), null, 'multipleTab');
-$section->addText(htmlspecialchars("Left Aligned\tRight Aligned", ENT_COMPAT, 'UTF-8'), null, 'rightTab');
-$section->addText(htmlspecialchars("\tCenter Aligned", ENT_COMPAT, 'UTF-8'), null, 'centerTab');
+$section->addText("Multiple Tabs:\tOne\tTwo\tThree", null, $multipleTabsStyleName);
+$section->addText("Left Aligned\tRight Aligned", null, $rightTabStyleName);
+$section->addText("\tCenter Aligned", null, $leftTabStyleName);
 
 // Save file
 echo write($phpWord, basename(__FILE__, '.php'), $writers);

samples/Sample_03_Sections.php

@@ -7,25 +7,19 @@
 
 // New portrait section
 $section = $phpWord->addSection(array('borderColor' => '00FF00', 'borderSize' => 12));
-$section->addText(htmlspecialchars('I am placed on a default section.', ENT_COMPAT, 'UTF-8'));
+$section->addText('I am placed on a default section.');
 
 // New landscape section
 $section = $phpWord->addSection(array('orientation' => 'landscape'));
-$section->addText(
-    htmlspecialchars(
-        'I am placed on a landscape section. Every page starting from this section will be landscape style.',
-        ENT_COMPAT,
-        'UTF-8'
-    )
-);
+$section->addText('I am placed on a landscape section. Every page starting from this section will be landscape style.');
 $section->addPageBreak();
 $section->addPageBreak();
 
 // New portrait section
 $section = $phpWord->addSection(
     array('paperSize' => 'Folio', 'marginLeft' => 600, 'marginRight' => 600, 'marginTop' => 600, 'marginBottom' => 600)
 );
-$section->addText(htmlspecialchars('This section uses other margins with folio papersize.', ENT_COMPAT, 'UTF-8'));
+$section->addText('This section uses other margins with folio papersize.');
 
 // New portrait section with Header & Footer
 $section = $phpWord->addSection(
@@ -38,9 +32,9 @@
         'footerHeight' => 50,
     )
 );
-$section->addText(htmlspecialchars('This section and we play with header/footer height.', ENT_COMPAT, 'UTF-8'));
-$section->addHeader()->addText(htmlspecialchars('Header', ENT_COMPAT, 'UTF-8'));
-$section->addFooter()->addText(htmlspecialchars('Footer', ENT_COMPAT, 'UTF-8'));
+$section->addText('This section and we play with header/footer height.');
+$section->addHeader()->addText('Header');
+$section->addFooter()->addText('Footer');
 
 // Save file
 echo write($phpWord, basename(__FILE__, '.php'), $writers);