encoding/xml: does not parse internal subset of DTD as required by standard

[DemiMarie]

Go version

1.22 I believe

Output of go env in your module/workspace:

Whatever is on https://go.dev/play

What did you do?

Parse XML files with ill-formed or misplaced directives, such as:

1. <!BOGUS><a/>

2. <!DOCTYPE JUNK A><a/>

3. <a/><!DOCTYPE a>

https://go.dev/play/p/ZzfA0W3EUMJ has an example.

What did you see happen?

Documents are wrongly accepted, in violation of the XML spec.

What did you expect to see?

Either encoding/xml performs the checks on directives that non-validating parsers must perform, or all directives (including DTDs) are rejected by default. The latter is what .NET’s XML parser does: by default, DTDs are a fatal parse error.

[gabyhelp]

Related Issues and Documentation

• encoding/xml: accepts various ill-formed XML #68293
• encoding/xml: parser does not accumulate nested directives properly #1549 (closed)
• encoding/xml: accepts invalid XML with multiple colons #20396 (closed)
• encoding/xml: can decode but not encode a DOCTYPE with an internal subset #10158 (closed)
• encoding/xml: does not reject non-space before the root element or after the end of the root element #68332

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[DemiMarie]

There are at least two possible fixes here:

1. Actually parse the DTD. This is complex and a slow path, so I would prefer to use a goyacc-generated parser rather than a handwritten one.
2. By default, return an error if a DTD is present at all.