BR-51 check in UBL is bogus

[phax]

The check is lacking a normalize-space call:

    <rule context="cac:PaymentMeans/cac:CardAccount">
      <assert id="BR-51" flag="warning" test="string-length(cbc:PrimaryAccountNumberID)&lt;=10">[BR-51]-In accordance with card payments security standards an invoice should never include a full card primary account number (BT-87). At the moment PCI Security Standards Council has defined that the first 6 digits and last 4 digits are the maximum number of digits to be shown.</assert>
    </rule>

We recommend to change the test to:

    <rule context="cac:PaymentMeans/cac:CardAccount/cbc:PrimaryAccountNumberID">
      <assert id="BR-51" flag="warning" test="string-length(normalize-space(.))&lt;=10">[BR-51]-In accordance with card payments security standards an invoice should never include a full card primary account number (BT-87). At the moment PCI Security Standards Council has defined that the first 6 digits and last 4 digits are the maximum number of digits to be shown.</assert>
    </rule>

a) Make the context as narrow as possible
b) Use normalize-space for the value to omit false positives for values like <cbc:PrimaryAccountNumberID> 1234567890 </cbc:PrimaryAccountNumberID>