[go] encoding/xml: prevent multiple XMLNS attributes
255 views
Skip to first unread message
Gerrit Bot (Gerrit)
Nov 24, 2020, 10:34:57 AM11/24/20
to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
Gerrit Bot has uploaded this change for review.
encoding/xml: prevent multiple XMLNS attributes
Having multiple attributes of the same name is a violation of the XML
well-formedness rules. This patch does not fix every possible way this
could happen, but it does prevent marshaling from introducing such an
issue when a start token is encoded that contains both a Name attribute
with a namespace set and an xmlns attribute.
Fixes #42807
Change-Id: I5ae8a5736d9a6a420d2e8ebb424ce8650a699a4a
GitHub-Last-Rev: a9b76c1ec15bde4e0e19c91fc22dc3555ddcbbfe
GitHub-Pull-Request: golang/go#42808
---
M src/encoding/xml/marshal.go
M src/encoding/xml/marshal_test.go
2 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/src/encoding/xml/marshal.go b/src/encoding/xml/marshal.go
index d8a04a9..85e0a33 100644
--- a/src/encoding/xml/marshal.go
+++ b/src/encoding/xml/marshal.go
@@ -710,7 +710,7 @@
// Attributes
for _, attr := range start.Attr {
name := attr.Name
- if name.Local == "" {
+ if name.Local == "" || (start.Name.Space != "" && name.Local == "xmlns" && name.Space == "") {
continue
}
p.WriteByte(' ')
diff --git a/src/encoding/xml/marshal_test.go b/src/encoding/xml/marshal_test.go
index d2e5137..9ade242 100644
--- a/src/encoding/xml/marshal_test.go
+++ b/src/encoding/xml/marshal_test.go
@@ -326,6 +326,20 @@
return nil
}
+type MarshalMultipleXMLNS struct{}
+
+func (MarshalMultipleXMLNS) MarshalXML(e *Encoder, _ StartElement) error {
+ start := StartElement{
+ Name: Name{Space: "space", Local: "MarshalMultipleXMLNS"},
+ Attr: []Attr{{Name: Name{Local: "xmlns"}, Value: "attrSpace"}},
+ }
+ err := e.EncodeToken(start)
+ if err != nil {
+ return err
+ }
+ return e.EncodeToken(start.End())
+}
+
type MyMarshalerAttrTest struct {
}
@@ -1651,6 +1665,10 @@
Value: &DirectAny{Any: string("")},
UnmarshalOnly: true,
},
+ {
+ ExpectXML: `<MarshalMultipleXMLNS xmlns="space"></MarshalMultipleXMLNS>`,
+ Value: &MarshalMultipleXMLNS{},
+ },
}
func TestMarshal(t *testing.T) {
@@ -2144,7 +2162,7 @@
{Name{"space", "a"}, "value"},
}},
},
- want: `<foo xmlns="space" xmlns="space"><foo xmlns="space" xmlns:_xmlns="xmlns" _xmlns:y="space" xmlns:space="space" space:a="value">`,
+ want: `<foo xmlns="space"><foo xmlns="space" xmlns:_xmlns="xmlns" _xmlns:y="space" xmlns:space="space" space:a="value">`,
}, {
desc: "nested element defines default name space with existing prefix",
toks: []Token{
@@ -2156,7 +2174,7 @@
{Name{"space", "a"}, "value"},
}},
},
- want: `<foo xmlns:_xmlns="xmlns" _xmlns:x="space"><foo xmlns="space" xmlns="space" xmlns:space="space" space:a="value">`,
+ want: `<foo xmlns:_xmlns="xmlns" _xmlns:x="space"><foo xmlns="space" xmlns:space="space" space:a="value">`,
}, {
desc: "nested element uses empty attribute name space when default ns defined",
toks: []Token{
@@ -2167,7 +2185,7 @@
{Name{"", "attr"}, "value"},
}},
},
- want: `<foo xmlns="space" xmlns="space"><foo xmlns="space" attr="value">`,
+ want: `<foo xmlns="space"><foo xmlns="space" attr="value">`,
}, {
desc: "redefine xmlns",
toks: []Token{
@@ -2228,7 +2246,7 @@
{Name{"space", "x"}, "value"},
}},
},
- want: `<foo xmlns="space" xmlns="space"><foo xmlns="" x="value" xmlns:space="space" space:x="value">`,
+ want: `<foo xmlns="space"><foo xmlns="" x="value" xmlns:space="space" space:x="value">`,
}, {
desc: "nested element requires empty default name space",
toks: []Token{
@@ -2237,7 +2255,7 @@
}},
StartElement{Name{"", "foo"}, nil},
},
- want: `<foo xmlns="space" xmlns="space"><foo>`,
+ want: `<foo xmlns="space"><foo>`,
}, {
desc: "attribute uses name space from xmlns",
toks: []Token{
@@ -2259,7 +2277,7 @@
EndElement{Name{"space", "baz"}},
EndElement{Name{"space", "foo"}},
},
- want: `<foo xmlns="space" xmlns="space" xmlns:_xmlns="xmlns" _xmlns:bar="space" xmlns:space="space" space:baz="foo"><baz xmlns="space"></baz></foo>`,
+ want: `<foo xmlns="space" xmlns:_xmlns="xmlns" _xmlns:bar="space" xmlns:space="space" space:baz="foo"><baz xmlns="space"></baz></foo>`,
}, {
desc: "default name space not used by attributes, not explicitly defined",
toks: []Token{
@@ -2271,7 +2289,7 @@
EndElement{Name{"space", "baz"}},
EndElement{Name{"space", "foo"}},
},
- want: `<foo xmlns="space" xmlns="space" xmlns:space="space" space:baz="foo"><baz xmlns="space"></baz></foo>`,
+ want: `<foo xmlns="space" xmlns:space="space" space:baz="foo"><baz xmlns="space"></baz></foo>`,
}, {
desc: "impossible xmlns declaration",
toks: []Token{
To view, visit change 272806. To unsubscribe, or for help writing mail filters, visit settings.
Sam Whited (Gerrit)
Nov 24, 2020, 10:37:19 AM11/24/20
to Gerrit Bot, goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
Patch set 1:Run-TryBot +1
Sam Whited (Gerrit)
Nov 8, 2021, 6:58:20 AM11/8/21
to Gerrit Bot, goph...@pubsubhelper.golang.org, Russ Cox, Go Bot, golang-co...@googlegroups.com
1 comment:
Patchset:
Gentle ping to see if this is wanted or not.
To view, visit change 272806. To unsubscribe, or for help writing mail filters, visit settings.
Gopher Robot (Gerrit)
Dec 15, 2021, 2:54:30 PM12/15/21
to Gerrit Dou, goph...@pubsubhelper.golang.org, Russ Cox, golang-co...@googlegroups.com
Gopher Robot abandoned this change.
Abandoned
GitHub PR golang/go#42808 has been closed.
To view, visit change 272806. To unsubscribe, or for help writing mail filters, visit settings.
Heschi Kreinick (Gerrit)
Dec 15, 2021, 8:30:14 PM12/15/21
to Gerrit Dou, goph...@pubsubhelper.golang.org, Russ Cox, Gopher Robot, golang-co...@googlegroups.com
Heschi Kreinick restored this change.
To view, visit change 272806. To unsubscribe, or for help writing mail filters, visit settings.
Gopher Robot (Gerrit)
Aug 29, 2023, 9:08:49 AM8/29/23
to Gerrit Bot, goph...@pubsubhelper.golang.org, Russ Cox, golang-co...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages