When creating XML I'm wondering why the CDATA blocks are uses rather than just escaping the data. Is there something allowed in a CDATA block that can't be escaped and placed in a regular tag?
<node><![CDATA[ ...something... ]]></node>
instead of
<node>...something...</node>
Naturally you would need to escape the data in either case:
function xmlspecialchars($text)
{
return str_replace(''', ''', htmlspecialchars($text, ENT_QUOTES, 'utf-8'));
}
From the spec it seems that CDATA was just a posible solution when you don't the option to escape the data - yet you still trust it. For example, a RSS feed from your blog (that for some reason or another can't escape entities).
CDATA is just the standard way of keeping the original text as is, meaning that whatever application processes the XML shouldn't need to take any explicit action to unescape.
You get that typically with JavaScript embedded in XHTML, when you use reserved symbols:
<script type="text/javascript">
//<![CDATA[
var test = "<This is a string with reserved characters>";
if (1 > 0) {
alert(test);
}
//]]>
</script>
If you had if (1 > 0) instead, it would have to unescape explicitly (which it doesn't). It's also much more readable like this.