1
0
mirror of https://github.com/golang/go synced 2024-11-21 16:44:43 -07:00

encoding/xml: Require whitespace between attributes

This is needed to reject the ill-formed document <a b='c'c='d/>.

Fixes: #68385
This commit is contained in:
Demi Marie Obenour 2024-07-14 15:28:43 -04:00
parent 239666cd73
commit 197ff37d8c
2 changed files with 25 additions and 9 deletions

View File

@ -794,13 +794,30 @@ func (d *Decoder) rawToken() (Token, error) {
} }
attr = []Attr{} attr = []Attr{}
for { Outer: for {
d.space()
if b, ok = d.mustgetc(); !ok { if b, ok = d.mustgetc(); !ok {
return nil, d.err return nil, d.err
} }
if b == '/' { switch b {
case ' ', '\t', '\r', '\n':
// Skip subsequent spaces
d.space()
if b, ok = d.mustgetc(); !ok {
return nil, d.err
}
if b == '>' {
break Outer
}
empty = b == '/'
case '>':
break Outer
case '/':
empty = true empty = true
default:
d.err = d.syntaxError("expected whitespace, />, or > following element name or attribute value")
return nil, d.err
}
if empty {
if b, ok = d.mustgetc(); !ok { if b, ok = d.mustgetc(); !ok {
return nil, d.err return nil, d.err
} }
@ -810,9 +827,6 @@ func (d *Decoder) rawToken() (Token, error) {
} }
break break
} }
if b == '>' {
break
}
d.ungetc(b) d.ungetc(b)
a := Attr{} a := Attr{}

View File

@ -265,6 +265,8 @@ var xmlInput = []string{
"<t a>", "<t a>",
"<t a=>", "<t a=>",
"<t a=v>", "<t a=v>",
// Issue 68385
"<a b='c'c='d'/>",
// "<![CDATA[d]]>", // let the Token() caller handle // "<![CDATA[d]]>", // let the Token() caller handle
"<t></e>", "<t></e>",
"<t></>", "<t></>",
@ -1122,15 +1124,15 @@ func TestIssue7113(t *testing.T) {
} }
func TestIssue20396(t *testing.T) { func TestIssue20396(t *testing.T) {
var attrError = UnmarshalError("XML syntax error on line 1: expected whitespace, />, or > following element name or attribute value")
var attrError = UnmarshalError("XML syntax error on line 1: expected attribute name in element")
testCases := []struct { testCases := []struct {
s string s string
wantErr error wantErr error
}{ }{
{`<a:te:st xmlns:a="abcd"/>`, // Issue 20396 {`<a:te:st xmlns:a="abcd"/>`, // Issue 20396
UnmarshalError("XML syntax error on line 1: expected element name after <")}, UnmarshalError("XML syntax error on line 1: colon after prefixed XML name a:te")},
{`<a test='d'xmlns:a="abcd"/>`, attrError},
{`<a:te=st xmlns:a="abcd"/>`, attrError}, {`<a:te=st xmlns:a="abcd"/>`, attrError},
{`<a:te&st xmlns:a="abcd"/>`, attrError}, {`<a:te&st xmlns:a="abcd"/>`, attrError},
{`<a:test xmlns:a="abcd"/>`, nil}, {`<a:test xmlns:a="abcd"/>`, nil},