{"id":90,"date":"2010-06-22T19:27:04","date_gmt":"2010-06-22T17:27:04","guid":{"rendered":"http:\/\/www.neunbeere.de\/blog\/?p=90"},"modified":"2010-06-22T19:44:24","modified_gmt":"2010-06-22T17:44:24","slug":"adobe-flash-player-bug-using-html-entity-in-xml","status":"publish","type":"post","link":"https:\/\/www.neunbeere.de\/blog\/2010\/06\/adobe-flash-player-bug-using-html-entity-in-xml\/","title":{"rendered":"Adobe Flash Player bug: Using nbsp HTML Entity in XML"},"content":{"rendered":"

Today, one of my customers notified my of a problem with a website I have created for him. The site uses an Adobe Flash movie to collect data from the visitor and then sends the data (including some raw image data) to a PHP script for further processing.<\/p>\n

After updating the Adobe Flash Player installation to 10.1, the PHP script would (in some situations) terminate with the error “Call to a member function asXML() on a non-object”. The problem here is that the script uses the PHP parser function “simplexml_load_string” to parse an XML document sent from the Flash movie and then works with the XML DOM object returned by the function. When the string given to “simplexml_load_string” is not a valid XML document, the function will return NULL and this is what happened.<\/p>\n

So I had to investigate why the Flash movie would suddenly send non-valid XML when it didn’t all the time before. Upon examination I found that the XML code sent by the Flash movie contained &nbsp; entities as they are used in HTML. XML however (while it does know the concept of entities) does by default not know these entities but only a very limited set of entities<\/a>, so an XML document containing the &nbsp; entity will not be accepted as valid XML.<\/p>\n

Comparing the behaviour with an older version of Adobe Flash Player (10.0) I found that this is obviously a bug introduced in version 10.1. The problem can be reproduced in a minimal flash movie using the following Action Script code:<\/p>\n

 var xml:XML = new XML();\r\n var SubNode:XMLNode = new XMLNode(1, \"TestNode\");\r\n \/\/Nonbreakable space\r\n SubNode.attributes.TestAttribte = \"\\xA0\";\r\n xml.appendChild(SubNode);\r\n xml.send(\"Test.php\", \"_self\", \"POST\");<\/pre>\n
Using the Live HTTP Headers extension of Firefox the problem can be made visible.<\/p>\n
This is what it looks like with the older version 10,0,45,2 of Flash Player:<\/p>\n
\"Flash<\/a><\/p>\n
The newest version 10,1,53,64 incorrectly replaces the nonbreakable space character with the HTML entity:<\/p>\n
\"Version<\/a><\/p>\n
I have reported this bug to Adobe<\/a> and it will be interesting to see how quick it will be fixed.<\/p>\n
Inside my PHP script, I currently use the following function to replace the incorrectly set &nbsp; entity before processing by Simple XML:<\/p>\n
function fixAdobeNBSPBug($s){\r\n  $code = chr(0xC2) + chr(0xA0);\r\n  $s = str_replace('&nbsp;', $code, $s);\r\n  return $s;\r\n}<\/pre>\n","protected":false},"excerpt":{"rendered":"
Today, one of my customers notified my of a problem with a website I have created for him. The site uses an Adobe Flash movie to collect data from the visitor and then sends the data (including some raw image … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[45,41,43,44,42],"class_list":["post-90","post","type-post","status-publish","format-standard","hentry","category-programmierung","tag-adobe","tag-adobe-flash","tag-bug","tag-coding","tag-php"],"_links":{"self":[{"href":"https:\/\/www.neunbeere.de\/blog\/wp-json\/wp\/v2\/posts\/90","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.neunbeere.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.neunbeere.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.neunbeere.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.neunbeere.de\/blog\/wp-json\/wp\/v2\/comments?post=90"}],"version-history":[{"count":8,"href":"https:\/\/www.neunbeere.de\/blog\/wp-json\/wp\/v2\/posts\/90\/revisions"}],"predecessor-version":[{"id":95,"href":"https:\/\/www.neunbeere.de\/blog\/wp-json\/wp\/v2\/posts\/90\/revisions\/95"}],"wp:attachment":[{"href":"https:\/\/www.neunbeere.de\/blog\/wp-json\/wp\/v2\/media?parent=90"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.neunbeere.de\/blog\/wp-json\/wp\/v2\/categories?post=90"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.neunbeere.de\/blog\/wp-json\/wp\/v2\/tags?post=90"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}