search

NaturalIntelligence / fast-xml-parser

Validate XML, Parse XML and Build XML rapidly without C/C++ based libraries and no callback.
https://naturalintelligence.github.io/fast-xml-parser/
MIT License
2.53k stars 303 forks source link

Validation of invalid XML declarations #616

Open bendrissou opened 1 year ago

bendrissou commented 1 year ago

Description

The parser accepts incorrect XML declarations as valid, without raising an error. This is despite enabling the validator option "-v".

Input

<?xml version="1.0" var ?>  <a/>

There is an unassigned attribute var, which I expected to raise an error. The input is saved in a file named example.xml.

Code

./src/cli/cli.js -v example.xml

Output

{ '?xml': { '@_version': 1 }, a: '' }

My question is: Why the XML validator doesn't throw an error? Please note that xmllint rejects the input example as invalid.

bendrissou commented 8 months ago

Hi @amitguptagwl

Can you please confirm if this is a valid issue?

amitguptagwl commented 7 months ago

Sorry I missed your original message. FXP validator checks for syntax error only, any other issue like scheme related, or the one you're highlighted are not covered. I'm not sure about this issue but you can check it by disallowing boolean attributes. I guess it is by default is set to allow.

bendrissou commented 7 months ago

I believe this is a syntax error. The expression does not conform to the XML syntax, or the XML grammar. So I assume this is unintended behaviour?

amitguptagwl commented 7 months ago

Have you checked by disallowing boolean attributes?

bendrissou commented 7 months ago

Hi @amitguptagwl

As shown above, I have enabled the -v option. I assume the -v flag should force the validation of the input before parsing. Is that correct?

amitguptagwl commented 7 months ago

Please try it from the code. I'm not sure if the CLI is updated with all the options. This docs can help you.

const {XMLValidator} = require("fast-xml-parser");
const result = XMLValidator.validate(xmlData, {
    allowBooleanAttributes: true
});
bendrissou commented 3 months ago

Hi @amitguptagwl

I have tried the code above:

#!/usr/bin/env node
const {XMLValidator} = require("../fxp");
const result = XMLValidator.validate('<?xml version="1.0" var ?>  <a/>', {
    allowBooleanAttributes: true
});
console.log(result);

Output is:

true

The XML input was accepted, despite having the unassigned attribute var.

amitguptagwl commented 3 months ago

As I remember, The validator has no check for xml description tag. same with v5