1
0
mirror of https://github.com/golang/go synced 2024-11-21 21:54:40 -07:00

encoding/xml: require whitespace before processing instruction value

The value of a processing instruction must either be empty or have
whitespace before it.

Fixes: #68386
This commit is contained in:
Demi Marie Obenour 2024-07-14 15:57:14 -04:00
parent 239666cd73
commit 9c648caab3

View File

@ -604,27 +604,45 @@ func (d *Decoder) rawToken() (Token, error) {
case '?': case '?':
// <?: Processing instruction. // <?: Processing instruction.
var target string var target string
var data []byte
if target, ok = d.name(); !ok { if target, ok = d.name(); !ok {
if d.err == nil { if d.err == nil {
d.err = d.syntaxError("expected target name after <?") d.err = d.syntaxError("expected target name after <?")
} }
return nil, d.err return nil, d.err
} }
d.space()
d.buf.Reset() d.buf.Reset()
var b0 byte if b, ok = d.mustgetc(); !ok {
for { return nil, d.err
}
switch b {
case ' ', '\t', '\r', '\n':
d.space()
var b0 byte
for {
if b, ok = d.mustgetc(); !ok {
return nil, d.err
}
d.buf.WriteByte(b)
if b0 == '?' && b == '>' {
break
}
b0 = b
}
data = d.buf.Bytes()
data = data[0 : len(data)-2] // chop ?>
case '?':
if b, ok = d.mustgetc(); !ok { if b, ok = d.mustgetc(); !ok {
return nil, d.err return nil, d.err
} }
d.buf.WriteByte(b) if b != '>' {
if b0 == '?' && b == '>' { d.err = d.syntaxError("expected ?> after empty processing instruction")
break return nil, d.err
} }
b0 = b default:
d.err = d.syntaxError("unexpected byte after processing instruction name")
return nil, d.err
} }
data := d.buf.Bytes()
data = data[0 : len(data)-2] // chop ?>
if target == "xml" { if target == "xml" {
content := string(data) content := string(data)