XML parser accepts invalid entities

ikorin24 / U8XmlParser

Extremely fast UTF-8 xml parser library

MIT License

95 stars 13 forks source link

XML parser accepts invalid entities #23

Closed SebastianStehle closed 2 years ago

SebastianStehle commented 2 years ago

According to the XML specs entities need to be registered, e.g. this is not valid XML:

<?xml version="1.0" encoding="UTF-8"?>
<SomeData>
    <Data>&copy;</Data>
</SomeData>

You have to register these entities:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE SomeData[
    <!ENTITY copy "&#169;;">
]>
<SomeData>
    <Data>&copy;</Data>
</SomeData>

ikorin24 commented 2 years ago

U8XmlParser is designed to read all correct xml, but it is not designed to always output an error for wrong xml. This design is for speed of execution and will not be changed in the future.

If you need proper handling of wrong xml, we recommend you to use other parsers.