From: Ian Lance Taylor Date: Tue, 20 Oct 2020 22:19:36 +0000 (-0700) Subject: encoding/xml: fix reserved namespace check to be case-insensitive X-Git-Tag: go1.16beta1~610 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=cb768c801a9cafa18fe7805ac70bd947930fcdc7;p=gostls13.git encoding/xml: fix reserved namespace check to be case-insensitive Fixes the check for the reserved namespace prefix "xml" to be case insensitive, so as to match all variants of: (('X'|'x')('M'|'m')('L'|'l')) as mandated by Section 2.3 of https://www.w3.org/TR/REC-xml/ This is a roll forward of CL 203417, which was rolled back by CL 240179. We've decided that the roll back was incorrect, and any broken tests should be fixed. The original CL 203417 was by Tamás Gulácsi. Fixes #35151 For #39876 Change-Id: I2e6daa7aeb252531fba0b8a56086613e13059528 Reviewed-on: https://go-review.googlesource.com/c/go/+/264024 Trust: Ian Lance Taylor Run-TryBot: Ian Lance Taylor TryBot-Result: Go Bot Reviewed-by: Damien Neil Reviewed-by: Emmanuel Odeke --- diff --git a/doc/go1.16.html b/doc/go1.16.html index b6df0487ca..1239217eed 100644 --- a/doc/go1.16.html +++ b/doc/go1.16.html @@ -302,6 +302,20 @@ Do not send CLs removing the interior tags from such phrases. +
encoding/xml
+
+

+ The encoder has always taken care to avoid using namespace prefixes + beginning with xml, which are reserved by the XML + specification. + Now, following the specification more closely, that check is + case-insensitive, so that prefixes beginning + with XML, XmL, and so on are also + avoided. +

+
+
+
net/http

diff --git a/src/encoding/xml/marshal.go b/src/encoding/xml/marshal.go index 0554b0d204..d8a04a95a2 100644 --- a/src/encoding/xml/marshal.go +++ b/src/encoding/xml/marshal.go @@ -345,8 +345,11 @@ func (p *printer) createAttrPrefix(url string) string { if prefix == "" || !isName([]byte(prefix)) || strings.Contains(prefix, ":") { prefix = "_" } - if strings.HasPrefix(prefix, "xml") { - // xmlanything is reserved. + // xmlanything is reserved and any variant of it regardless of + // case should be matched, so: + // (('X'|'x') ('M'|'m') ('L'|'l')) + // See Section 2.3 of https://www.w3.org/TR/REC-xml/ + if len(prefix) >= 3 && strings.EqualFold(prefix[:3], "xml") { prefix = "_" + prefix } if p.attrNS[prefix] != "" { diff --git a/src/encoding/xml/marshal_test.go b/src/encoding/xml/marshal_test.go index 31309ef2ca..d2e5137afd 100644 --- a/src/encoding/xml/marshal_test.go +++ b/src/encoding/xml/marshal_test.go @@ -2283,6 +2283,30 @@ var encodeTokenTests = []struct { }}, }, want: ``, +}, { + desc: "reserved namespace prefix -- all lower case", + toks: []Token{ + StartElement{Name{"", "foo"}, []Attr{ + {Name{"http://www.w3.org/2001/xmlSchema-instance", "nil"}, "true"}, + }}, + }, + want: ``, +}, { + desc: "reserved namespace prefix -- all upper case", + toks: []Token{ + StartElement{Name{"", "foo"}, []Attr{ + {Name{"http://www.w3.org/2001/XMLSchema-instance", "nil"}, "true"}, + }}, + }, + want: ``, +}, { + desc: "reserved namespace prefix -- all mixed case", + toks: []Token{ + StartElement{Name{"", "foo"}, []Attr{ + {Name{"http://www.w3.org/2001/XmLSchema-instance", "nil"}, "true"}, + }}, + }, + want: ``, }} func TestEncodeToken(t *testing.T) {