tafia / quick-xml

Rust high performance xml reader and writer
MIT License

Invalid XML declarations allowed #641

Open wt opened 1 year ago

wt commented 1 year ago

The parser allows XML declarations anywhere in the file. If a declaration exists it should be at the very beginning of the file.

Also, only one declaration should be allowed.

Both of these constraints are not currently enforced.

More info on the validity of xml declarations is here.

Mingun commented 1 year ago

I think this is by design, but we can have a setting to enforce checks, and we definitely should have these checks for the serde deserializer.

wt commented 1 year ago

It would also be useful to have a Reader/NSReader capable of enforcing such a thing for when I know there is only one document in a file/str source.

Mingun commented 1 year ago

Yeah, I say exactly this -- add a setting to enforce this behavior

PhilipDaniels commented 1 month ago

In addition to these problems, quick_xml also allows spurious additional attributes on the XML declaration. The following is parsed fine into a BytesDecl:

    <?xml version="1.0" foo="bar"?>

According to the spec at https://www.w3.org/TR/REC-xml/#NT-prolog this should be forbidden.

Mingun commented 1 month ago

This is planned to be fixed in the validation API, a preliminary version of which can be found in my validation branch.
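The three rules raised in this thread (a declaration only at offset 0, at most one declaration, and only `version`, `encoding`, `standalone` pseudo-attributes in that order), as an added std-only Rust example. It is not part of the issue and is not quick-xml code or its planned validation API. The names `check_xml_decl`, `parse_attrs` and `DeclError` are hypothetical, the input in `main` is constructed around the declaration quoted above, and pseudo-attribute values and the whitespace between pairs are not validated.

```rust
// Added example (std only, not quick-xml code); every name here is hypothetical.
#[derive(Debug, PartialEq)]
pub enum DeclError { NotAtStart(usize), Duplicate(usize), Unterminated, MissingVersion, BadAttribute(String) }
const SKIP: &[(&str, &str)] = &[("<!--", "-->"), ("<![CDATA[", "]]>")];
fn ws(c: char) -> bool { matches!(c, ' ' | '\t' | '\r' | '\n') } // XML `S` production
/// Parses `name="value"` pairs; only version, encoding?, standalone? in that order pass.
fn parse_attrs(s: &str) -> Result<Vec<(String, String)>, DeclError> {
    const ORDER: [&str; 3] = ["version", "encoding", "standalone"];
    let (mut out, mut next) = (Vec::new(), 0); // next: lowest ORDER index still allowed
    let mut s = s.trim_start_matches(ws);
    while !s.is_empty() {
        let eq = s.find('=').unwrap_or(s.len());
        let name = s[..eq].trim_end_matches(ws);
        let bad = || DeclError::BadAttribute(name.to_string());
        let val = s.get(eq + 1..).unwrap_or("").trim_start_matches(ws);
        let quote = val.chars().next().filter(|c| *c == '"' || *c == '\'').ok_or_else(bad)?;
        let close = val[1..].find(quote).ok_or_else(bad)?;
        next = 1 + ORDER.iter().position(|n| *n == name).filter(|i| *i >= next).ok_or_else(bad)?;
        out.push((name.to_string(), val[1..1 + close].to_string()));
        s = val[close + 2..].trim_start_matches(ws);
    }
    if out.first().map(|a| a.0.as_str()) != Some("version") { return Err(DeclError::MissingVersion); }
    Ok(out)
}

/// Ok(Some(attrs)) for one declaration at offset 0, Ok(None) when there is none.
pub fn check_xml_decl(doc: &str) -> Result<Option<Vec<(String, String)>>, DeclError> {
    let (mut decl, mut pos) = (None, 0);
    while let Some(off) = doc[pos..].find('<') {
        let start = pos + off;
        let rest = &doc[start..];
        // Comments and CDATA may legally contain the text "<?xml": skip over them.
        if let Some(&(_, close)) = SKIP.iter().find(|p| rest.starts_with(p.0)) {
            pos = start + rest.find(close).map_or(rest.len(), |e| e + close.len());
            continue;
        }
        // The target must be exactly "xml"; "<?xml-stylesheet" is an ordinary PI.
        let is_decl = rest.starts_with("<?xml") && (rest[5..].starts_with("?>") || rest[5..].starts_with(ws));
        if !is_decl { pos = start + 1; continue; }
        if start != 0 && decl.is_some() { return Err(DeclError::Duplicate(start)); }
        if start != 0 { return Err(DeclError::NotAtStart(start)); }
        let end = rest.find("?>").ok_or(DeclError::Unterminated)?;
        decl = Some(parse_attrs(&rest[5..end])?);
        pos = end + 2;
    }
    Ok(decl)
}
fn main() { // input: the thread's declaration plus a constructed root element
    println!("{:?}", check_xml_decl(r#"<?xml version="1.0" foo="bar"?><a/>"#));
}
```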