encoding/xml: empty namespace prefix definitions should be illegal

[ghost]

What does 'go version' print?
go version go1.2 linux/amd64

What steps reproduce the problem?
http://play.golang.org/p/f8UWfdF7Hb

What happened?
No-error.

What should have happened instead?
Should generate an error.

Per http://www.w3.org/TR/REC-xml-names/#dt-prefix a prefix must refer to a namespace
name, not the empty string. 

Please provide any additional information below.

Ran into this in implementing webdav, the litmus tests test this error condition [and
due to xml.Token hiding prefixing it is impossible to detect otherwise]

[griesemer]

Comment 1:

Labels changed: added repo-main, release-none.

[rogpeppe]

Comment 2:

> Per http://www.w3.org/TR/REC-xml-names/#dt-prefix a prefix must
> refer to a namespace name, not the empty string. 
I couldn't find this stated clearly in the spec. It says "The attribute's normalized
value MUST be either a URI reference — the namespace name identifying the namespace
— or an empty string.". It also explicitly allows the empty string for the xmlns
attribute itself (from section 6.2: "The attribute value in a default namespace
declaration MAY be empty. This has the same effect, within the scope of the declaration,
of there being no default namespace.")
That said, it's not clear what the semantics should be for an empty value.

[ghost]

Comment 3:

I must admit I was echo'ing the complaint from the WebDAV litmus test suite; which
claimed an empty prefix specification was invalid. 
I agree with your reading that it doesn't appear clear. 6.3. doesn't apply here, i'm
concerned specifically with namespace prefixes [the test in WebDAV is with xmlns:dav=""]

[nigeltao]

It could be that, at the time of writing of the WebDAV litmus test suite, an empty namespace prefix was illegal, but that has since become legal. The grammar differs between http://www.w3.org/TR/2006/REC-xml-names-20060816/#ns-decl and http://www.w3.org/TR/REC-xml-names/#dt-prefix

[gopherbot]

Change https://golang.org/cl/105636 mentions this issue: encoding/xml: fix invalid empty namespace without prefix

[iwdgo]

Namespace handling is not checking this case before adding the namespace to the namespace array of the decoder. A related fix is submitted which also rejects syntax xmlns:="..." which is invalid.

[gopherbot]

Change https://golang.org/cl/109855 mentions this issue: encoding/xml : Fixes to enforce XML namespace standard

[gopherbot]

Change https://golang.org/cl/355353 mentions this issue: encoding/xml: support xmlns prefixes

[heschi]

As a heads up, this fix broke a couple of Google-internal tests that process XML from various sources. I believe that the added check is probably correct, but it seems very possible that this will cause some trouble. Should there be a way to opt out? Given that the fix waited 8 years, perhaps rolling back and taking some time to think about it would be reasonable?

[ianlancetaylor]

At this stage in the release cycle we should roll back and try again next cycle. I will send a revert CL.

[ianlancetaylor]

Revert CL is 453996, reopening this issue.

[gopherbot]

Change https://go.dev/cl/453996 mentions this issue: Revert "encoding/xml: disallow empty namespace when prefix is set"

[gopherbot]

Change https://go.dev/cl/596975 mentions this issue: encoding/xml: disallow empty namespace when prefix is set

[ianlancetaylor]

Moving to backlog.