Skip to content

Commit 197ff37

Browse files
DemiMarieDemiMarie
committed
encoding/xml: Require whitespace between attributes
This is needed to reject the ill-formed document <a b='c'c='d/>. Fixes: golang#68385
1 parent 239666c commit 197ff37

File tree

2 files changed

+25
-9
lines changed

2 files changed

+25
-9
lines changed

Diff for: src/encoding/xml/xml.go

+20-6
Original file line numberDiff line numberDiff line change
@@ -794,13 +794,30 @@ func (d *Decoder) rawToken() (Token, error) {
794794
}
795795

796796
attr = []Attr{}
797-
for {
798-
d.space()
797+
Outer: for {
799798
if b, ok = d.mustgetc(); !ok {
800799
return nil, d.err
801800
}
802-
if b == '/' {
801+
switch b {
802+
case ' ', '\t', '\r', '\n':
803+
// Skip subsequent spaces
804+
d.space()
805+
if b, ok = d.mustgetc(); !ok {
806+
return nil, d.err
807+
}
808+
if b == '>' {
809+
break Outer
810+
}
811+
empty = b == '/'
812+
case '>':
813+
break Outer
814+
case '/':
803815
empty = true
816+
default:
817+
d.err = d.syntaxError("expected whitespace, />, or > following element name or attribute value")
818+
return nil, d.err
819+
}
820+
if empty {
804821
if b, ok = d.mustgetc(); !ok {
805822
return nil, d.err
806823
}
@@ -810,9 +827,6 @@ func (d *Decoder) rawToken() (Token, error) {
810827
}
811828
break
812829
}
813-
if b == '>' {
814-
break
815-
}
816830
d.ungetc(b)
817831

818832
a := Attr{}

Diff for: src/encoding/xml/xml_test.go

+5-3
Original file line numberDiff line numberDiff line change
@@ -265,6 +265,8 @@ var xmlInput = []string{
265265
"<t a>",
266266
"<t a=>",
267267
"<t a=v>",
268+
// Issue 68385
269+
"<a b='c'c='d'/>",
268270
// "<![CDATA[d]]>", // let the Token() caller handle
269271
"<t></e>",
270272
"<t></>",
@@ -1122,15 +1124,15 @@ func TestIssue7113(t *testing.T) {
11221124
}
11231125

11241126
func TestIssue20396(t *testing.T) {
1125-
1126-
var attrError = UnmarshalError("XML syntax error on line 1: expected attribute name in element")
1127+
var attrError = UnmarshalError("XML syntax error on line 1: expected whitespace, />, or > following element name or attribute value")
11271128

11281129
testCases := []struct {
11291130
s string
11301131
wantErr error
11311132
}{
11321133
{`<a:te:st xmlns:a="abcd"/>`, // Issue 20396
1133-
UnmarshalError("XML syntax error on line 1: expected element name after <")},
1134+
UnmarshalError("XML syntax error on line 1: colon after prefixed XML name a:te")},
1135+
{`<a test='d'xmlns:a="abcd"/>`, attrError},
11341136
{`<a:te=st xmlns:a="abcd"/>`, attrError},
11351137
{`<a:te&st xmlns:a="abcd"/>`, attrError},
11361138
{`<a:test xmlns:a="abcd"/>`, nil},

0 commit comments

Comments
 (0)