This release includes significant changes under the hood (such as a brand new parser!), but backwards compatibility has been a high priority. Most users should be able to upgrade without needing to make any changes (or with only minimal changes).
XML declarations (like
<?xml version="1.0"?>) and processing instructions are now included in parsed documents as
XmlProcessingInstructionnodes (with the
typevalue "pi"). Previously they were discarded.
true, attributes will be sorted in alphabetical order in an element's
attributesobject (which is no longer the default behavior).
The minimum supported Node.js version is now 12.x, and the minimum supported ECMAScript version is ES2017. Extremely old browsers (like IE11) are no longer supported out of the box, but you can still transpile parse-xml yourself if you need to support old browsers.
The XML parser has been completely rewritten with the primary goals of improving robustness and safety.
While the previous parser was good, it relied heavily on complex regular expressions. This helped keep it extremely small, but also left it open to the possibility of regex denial of service bugs when parsing unusual or maliciously crafted input.
The new parser uses a less interesting but overall safer approach, and employs regular expressions only sparingly and in ways that aren't risky (they're now only used as performance optimizations rather than as the basis for the entire parser).
parseXml()function now returns an
XmlDocumentinstance instead of a plain object. Its properties are backwards compatible.
Other node types (elements, text nodes, CDATA nodes, and comments) are also now represented by class instances (
XmlComment) rather than plain objects. Their properties are all backwards compatible.
Attributes are no longer sorted alphabetically by name in an element's
attributesobject by default. They're now defined in the same order that they're encountered in the document being parsed, unless the
sortAttributesparser option is
If the value returned by an optional
resolveUndefinedEntityfunction is not a string,
TypeErrorwill now be thrown. If you don't pass a custom
parseXml(), then this change won't affect you.
Some error messages have been changed to improve clarity, and more helpful errors have been added in some scenarios that previously would have resulted in generic or less helpful errors.
package.jsonhas been removed and the
mainfield now points both Node.js and browser bundlers to the same untranspiled CommonJS source.
When bundled using your favorite bundler, parse-xml will work great in all modern browsers with no transpilation needed. If you don't want to use a bundler, you can still use the prepackaged UMD bundle at
dist/umd/parse-xml.min.js, which provides a