encoding/xml: does not check namespace constraints that do not require keeping extra state #68296
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Go version
go version go1.21.11 linux/amd64
Output of
go env
in your module/workspace:What did you do?
https://go.dev/play/p/FRIvYTU13fC
What did you see happen?
encoding/xml
does not reject XML with the following violations of namespace constraints:Binding a URL other than
http://www.w3.org/XML/1998/namespace
to the prefixxml
:Binding
http://www.w3.org/XML/1998/namespace
to a prefix other thanxml
:Declaring
http://www.w3.org/XML/1998/namespace
as the default namespace:Declaring the prefix
xmlns
, whether it is with the correct URLhttp://www.w3.org/2000/xmlns/
or with any other URL:
Binding the URL
http://www.w3.org/2000/xmlns/
to any prefix:Declaring
http://www.w3.org/2000/xmlns/
as the default namespace:Using
xmlns
as the prefix for an element:Undeclaring a namespace prefix by binding the empty string
What did you expect to see?
encoding/xml
should reject these violations, whetherToken
orRawToken
are used. Detecting these violations can be done without maintaining any additional state and without resolving prefixes to namespace URLs.The text was updated successfully, but these errors were encountered: