encoding/xml: allows invalid comments

Question

encoding/xml: allows invalid comments

dvyukov opened this issue 9 years ago · 2 comments

The following program crashes with the panic:

package main

import (
    "encoding/xml"
)

type X struct {
    D string `xml:",comment"`
}

func main() {
    data := []byte("<X><!------></X>")
    v := new(X)
    if xml.Unmarshal(data, v) != nil {
        return
    }
    if _, err := xml.Marshal(v); err != nil {
        panic(err)
    }
}

panic: xml: comments must not contain "--"
goroutine 1 [running]:
main.main()
    xml.go:18 +0x129

The XML is malformed, as per XML spec:

http://www.w3.org/TR/REC-xml/#sec-comments
Comment ::= ''

Unmarshal must reject it.

on commit 306f8f1

Answer 1 · 2015-09-02T17:54:56.000Z

See CL https://golang.org/cl/14173.

Answer 2 · 2015-09-02T18:01:13.000Z

CL https://golang.org/cl/14173 mentions this issue.