encoding/xml: accepts ill-formed XML declarations

[DemiMarie]

Go version

Git main

Output of go env in your module/workspace:

GO111MODULE=''
GOARCH='amd64'
GOBIN=''
GOCACHE='/home/user/.cache/go-build'
GOENV='/home/user/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/home/user/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/home/user/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/home/user/go/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/home/user/go/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='devel go1.23-071b8d51c1a70fa6b12f0bed2e93370e193333fd Fri Jul 12 22:42:17 2024 +0000'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/home/user/.config/go/telemetry'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/home/user/go/go/src/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1803937823=/tmp/go-build -gno-record-gcc-switches'

What did you do?

Tried to parse XML with various ill-formed XML declarations, such as the following:

1. Wrong order of key/value pairs:

   <?xml standalone="yes" version="1.0"?>

2. Missing space between key/value pairs:

   <?xml version="1.0"standalone="yes"?>

3. Junk in data:

   <?xml version="1.0" a standalone="yes"?>

4. Invalid key:

   <?xml version="1.0" dalone="yes"?>

5. Invalid encoding:

   <?xml version="1.0" encoding="not valid"?>

6. Invalid standalone value

   <?xml version="1.0" standalone="not valid"?>

What did you see happen?

No error, so long as a CharsetReader that can handle the invalid encoding is provided.

What did you expect to see?

Errors because these documents are ill-formed.

[gabyhelp]

Related Issues and Documentation

• encoding/xml: accepts various ill-formed XML #68293
• encoding/xml: Decoder does not reject xml-ProcInst preceeded by other data #65691
• encoding/xml: does not reject multiple attributes with the same namespace URL and local part #68297
• encoding/xml: does not reject duplicate attribute names #68295
• encoding/xml: does not check namespace constraints that do not require keeping extra state #68296
• encoding/xml: accepts invalid XML with multiple colons #20396 (closed)
• encoding/xml: does not reject non-space before the root element or after the end of the root element #68332
• encoding/xml: allows a colon before or after an XML name #68294
• encoding/xml: accepts XML with no space between attributes #68385
• encoding/xml: does not parse internal subset of DTD as required by standard #68388

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[cherrymui]

Could you share a code snippet for how you parse the XML? Thanks.

[DemiMarie]

https://go.dev/play/p/gmZ-M1l8zVp

package main

import (
	"encoding/xml"
	"os"
	"fmt"
	"strings"
)

func checkIllFormedXMLGetsError(s string) (ok bool) {
	var v error
	d := xml.NewDecoder(strings.NewReader(s))
	d.CharsetReader = func(charset string, reader io.Reader) (io.Reader, error) { return reader, nil }
	tok, err := d.RawToken()
	if tok != nil || err == nil {
		_, v = fmt.Printf("BAD: got a token (%#v) or no error (%#v) when decoding %q\n", tok, err, s)
	} else {
		_, v = fmt.Printf("GOOD: got error (%#v) on ill-formed XML (%q)\n", err, s)
		ok = true
	}
	if v != nil {
		panic(v)
	}
	return
}

func main() {
	illFormedDocs := []string{
		`<?xml standalone="yes" version="1.0"?>`,
		`<?xml version="1.0"standalone="yes"?>`,
		`<?xml version="1.0" a standalone="yes"?>`,
		`<?xml version="1.0" dalone="yes"?>`,
		`<?xml version="1.0" encoding="not valid"?>`,
		`<?xml version="1.0" standalone="not valid"?>`,
	}
	bad := false
	for _, illFormed := range(illFormedDocs) {
		if !checkIllFormedXMLGetsError(illFormed) {
			bad = true
		}
	}
	if bad {
		os.Exit(1)
	}
}

[cherrymui]

Thanks.

cc @rsc @ianlancetaylor