encoding/xml: empty namespace prefix definitions should be illegal

Question

encoding/xml: empty namespace prefix definitions should be illegal

Opened this issue 10 years ago · 14 comments

What does 'go version' print?
go version go1.2 linux/amd64


What steps reproduce the problem?
http://play.golang.org/p/f8UWfdF7Hb

What happened?
No-error.

What should have happened instead?
Should generate an error.

Per http://www.w3.org/TR/REC-xml-names/#dt-prefix a prefix must refer to a namespace
name, not the empty string. 

Please provide any additional information below.

Ran into this in implementing webdav, the litmus tests test this error condition [and
due to xml.Token hiding prefixing it is impossible to detect otherwise]

Answer 1 · 2014-10-01T20:46:57.000Z

Comment 1:

Labels changed: added repo-main, release-none.

Answer 2 · 2014-11-27T08:49:48.000Z

Comment 2:

> Per http://www.w3.org/TR/REC-xml-names/#dt-prefix a prefix must
> refer to a namespace name, not the empty string. 
I couldn't find this stated clearly in the spec. It says "The attribute's normalized
value MUST be either a URI reference — the namespace name identifying the namespace
— or an empty string.". It also explicitly allows the empty string for the xmlns
attribute itself (from section 6.2: "The attribute value in a default namespace
declaration MAY be empty. This has the same effect, within the scope of the declaration,
of there being no default namespace.")
That said, it's not clear what the semantics should be for an empty value.

Answer 3 · 2014-11-27T23:44:37.000Z

Comment 3:

I must admit I was echo'ing the complaint from the WebDAV litmus test suite; which
claimed an empty prefix specification was invalid. 
I agree with your reading that it doesn't appear clear. 6.3. doesn't apply here, i'm
concerned specifically with namespace prefixes [the test in WebDAV is with xmlns:dav=""]

Answer 4 · 2015-05-21T05:17:05.000Z

It could be that, at the time of writing of the WebDAV litmus test suite, an empty namespace prefix was illegal, but that has since become legal. The grammar differs between
http://www.w3.org/TR/2006/REC-xml-names-20060816/#ns-decl and
http://www.w3.org/TR/REC-xml-names/#dt-prefix

Answer 5 · 2018-04-08T17:48:33.000Z

Change https://golang.org/cl/105636 mentions this issue: encoding/xml: fix invalid empty namespace without prefix

Answer 6 · 2018-04-08T17:51:07.000Z

Namespace handling is not checking this case before adding the namespace to the namespace array of the decoder. A related fix is submitted which also rejects syntax xmlns:="..." which is invalid.

Answer 7 · 2018-04-27T07:07:04.000Z

Change https://golang.org/cl/109855 mentions this issue: encoding/xml : Fixes to enforce XML namespace standard

Answer 8 · 2021-10-12T18:39:06.000Z

Change https://golang.org/cl/355353 mentions this issue: encoding/xml: support xmlns prefixes

Answer 9 · 2022-11-29T18:32:05.000Z

As a heads up, this fix broke a couple of Google-internal tests that process XML from various sources. I believe that the added check is probably correct, but it seems very possible that this will cause some trouble. Should there be a way to opt out? Given that the fix waited 8 years, perhaps rolling back and taking some time to think about it would be reasonable?

Answer 10 · 2022-11-29T19:35:36.000Z

At this stage in the release cycle we should roll back and try again next cycle. I will send a revert CL.

Answer 11 · 2022-11-29T19:38:29.000Z

Revert CL is 453996, reopening this issue.

Answer 12 · 2022-11-29T19:42:58.000Z

Change https://go.dev/cl/453996 mentions this issue: Revert "encoding/xml: disallow empty namespace when prefix is set"

Answer 13 · 2024-07-07T10:29:58.000Z

Change https://go.dev/cl/596975 mentions this issue: encoding/xml: disallow empty namespace when prefix is set

Answer 14 · 2024-07-19T22:58:23.000Z

Moving to backlog.