encoding/xml: prevent multiple XMLNS attributes #42808
Conversation
Having multiple attributes of the same name is a violation of the XML well-formedness rules. This patch does not fix every possible way this could happen, but it does prevent marshaling from introducing such an issue when a start token is encoded that contains both a Name attribute with a namespace set and an xmlns attribute. Fixes #42807
google-cla
bot
added
the
cla: yes
| @@ -2144,7 +2162,7 @@ var encodeTokenTests = []struct { | |||
| {Name{"space", "a"}, "value"}, | |||
| }}, | |||
| }, | |||
| want: `<foo xmlns="space" xmlns="space"><foo xmlns="space" xmlns:_xmlns="xmlns" _xmlns:y="space" xmlns:space="space" space:a="value">`, | |||
There was a problem hiding this comment.
I was a little concerned that this was intentional behavior when I saw that existing tests had this, but couldn't see why this would be the case so I went ahead and "fixed" them hoping this was just an oversight while copy/pasting some output for these individual tests. If this is not so, please advise.
|
This PR (HEAD: a9b76c1) has been imported to Gerrit for code review. Please visit https://go-review.googlesource.com/c/go/+/272806 to see it. Tip: You can toggle comments from me using the |
|
Message from Sam Whited: Patch Set 1: Run-TryBot+1 Please don’t reply on this GitHub thread. Visit golang.org/cl/272806. |
|
Message from Go Bot: Patch Set 1: TryBots beginning. Status page: https://farmer.golang.org/try?commit=cfb219a5 Please don’t reply on this GitHub thread. Visit golang.org/cl/272806. |
|
Message from Go Bot: Patch Set 1: TryBot-Result+1 TryBots are happy. Please don’t reply on this GitHub thread. Visit golang.org/cl/272806. |
Encoding the output of TokenReader can create multiple xmlns attributes due to a bug in encoding/xml. This patch uses RawToken in the decode stage to work around this and can be reverted after the upstream issue is fixed and in all supported versions of Go. Upstream issue: https://golang.org/issue/42807 (golang/go#42807) Upstream CL: https://golang.org/cl/272806 (golang/go#42808) Fixes #74 Signed-off-by: Sam Whited <sam@samwhited.com>
|
Message from Sam Whited: Patch Set 1: (1 comment) Please don’t reply on this GitHub thread. Visit golang.org/cl/272806. |
|
Hi, could I get an explanation for why this was closed without review? Thank you. |
|
I closed old PRs to reduce load on the Gerrit importer (#50197), sorry for the trouble. I'll reopen the CL. |
Having multiple attributes of the same name is a violation of the XML
well-formedness rules. This patch does not fix every possible way this
could happen, but it does prevent marshaling from introducing such an
issue when a start token is encoded that contains both a Name attribute
with a namespace set and an xmlns attribute.
Fixes #42807