Issues with XML and html/template

italia / spid-go

Go package for SPID authentication

BSD 3-Clause "New" or "Revised" License

14 stars 12 forks source link

Issues with XML and html/template #1

Closed enrichman closed 5 years ago

enrichman commented 5 years ago

SP Metadata are not correctly parsed since the html/template package is not meant for XML templating (see: https://github.com/golang/go/issues/3133 ) It results in having the first line escaped in

&lt;?xml version="1.0"?>

I would suggest to delegate the SAML XML logic to a more complete and robust library implementation, such as https://github.com/RobotsAndPencils/go-saml.

What do you think? 👍

alranel commented 5 years ago

Thank you for the report! Switched to text/template which does not provide XML escaping but it's fine for our needs.

The SAML package you linked actually looks abandoned, and generates invalid metadata: https://github.com/RobotsAndPencils/go-saml/issues/9